NTIA Semi-Annual Report to US Congress Includes Efforts on GDPR Compliance

The NTIA, which is now obligated by law to provide a semi-annual report to Congress on ICANN policies and whether or not the NTIA supported these changes, has provided its first report for the 6 months to the end of September. The report focusses on efforts to deal with the EU’s GDPR.

The European Union’s General Data Protection Regulation came into effect towards the end of May 2018 and to work out a solution on how to comply with requirements that impact on Whois data collection, the National Telecommunications and Information Administration (NTIA) engaged directly with ICANN as well as through the Governmental Advisory Committee (GAC). The NTIA notes they they worked “aggressively … to maintain the ability for law enforcement, cybersecurity practitioners, intellectual property rights holders, and other users to access WHOIS information in a timely manner.”

The NTIA says their aggressive activities are “to a certain extent reflected in the Temporary Specification, which maintains the requirement for registries and registrars to continue collecting WHOIS information as well as make access to now redacted information ‘reasonably’ available. NTIA supported ICANN taking action to keep the WHOIS service working, but has made clear in remarks within the GAC that while the Temporary Specification is necessary, it is not sufficient, as it does not clearly articulate how WHOIS users are to be allowed access to this data in a predictable fashion.”

The Temporary Specification can only be in effect for 12 months meaning that a more permanent solution needs to be in place by 25 May 2019. To meet this goal the NTIA has “volunteered to be one of three GAC representatives to the EPDP [Expedited Policy Development Process] and is working over 30 hours a week to ensure that the future specification balances data protection with the needs to access WHOIS information for legitimate and lawful purposes.”

The “NTIA is also pursuing avenues for specifically addressing the development and implementation of a unified access mechanism to permit access to non-public WHOIS information rather than solely through an undefined requirement for registries and registrars to provide ‘reasonable access.’ Such a unified access mechanism would permit a range of users, based on legitimate purposes, to access non-public WHOIS information through a process of accreditation and credentialing.” Consultations with stakeholders (including U.S. Government agencies) on how best to advance and further develop this effort are continuing with more discussions to take place at the upcoming ICANN 63 meeting in Barcelona later this month.

The NTIA report also notes the ongoing efforts on ICANN accountability. The NTIA continues to “monitor the ongoing ICANN Cross Community Working Group (CCWG) Accountability Work Stream 2 (WS2) efforts to ensure any outcomes are consistent with U.S. Government policy positions and goals. The CCWG WS2 issued its final report for endorsement consideration on June 24, 2018.3 The GAC, as a chartered member of the CCWG, is expected to consider endorsement at ICANN 63 in Barcelona this October.”

The NTIA also commented on ICANN’s call for “public comment on a proposal to alter the timeline for conducting the third Accountability and Transparency Review (ATRT3) in an effort to release pressure on the community to participate in such activities in light of all the concurrent efforts underway including the CCWG-Accountability WS2. NTIA submitted comments on this proposal on July 31, 2018.4 In its comments, NTIA recognized the constraints on the community, but also NTIA’s expectation that ATRT3 will begin its work in earnest, having had its initial meeting no later than June 2019.” The NTIA expects the ATRT3 to issue its final report within one year of convening its first meeting.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.