ICANN seeks further advice from EU authorities on compliance with the GDPR

With the EU General Data Protection Regulation very close to entering into force (25 May 2018), the Internet Corporation for Assigned Names and Numbers (ICANN) continues to work on a model to ensure that domain name registries and registrars comply both with ICANN agreements and policies and with the GDPR. As part of this process, ICANN has announced that it has asked for additional guidance from the Article 29 Data Protection Working Party, following a meeting held between the two parties in April 2018. A letter sent to Article 29 on 10 May outlines a number of questions on issues such as the publication, via WHOIS, of personal data associated with a domain name registered by a legal person, the access of law enforcement entities to non-public WHOIS data, international transfers of personal data, and the retention period of WHOIS data.