ICANN publishes interim model for compliance with the GDPR
The Internet Corporation for Assigned Names and Numbers (ICANN) is continuing its work on determining how the organisation and the generic top-level domain (gTLD) registries and registrars could comply with ICANN policies and contractual requirements while at the same time being in line with the EU General Data Protection Regulation (GDPR). In an interim compliance model for handling domain name registration data, ICANN is proposing changing the currently publicly available WHOIS services (registration directory services) to an approach requiring a layered/tired access model for WHOIS. The model ‘maintains robust collection of registration data (including registrant, administrative, and technical contact information), but restricts most personal data to layered/tiered access via an accreditation program to be developed in consultation with the Governmental Advisory Committee (GAC), data protection agencies, and contracted parties with full transparency to the ICANN community’. In line with these approach, ‘approved user groups’, such as law enforcement agencies and intellectual property lawyers could have access to registrans’ data if they meet certain criteria and limitations to be included as part of the accreditation programme.