Tag Archives: European Commission

European Commission Updating 20-Year-Old Digital Services Act, Impacting Cloud and Hosting Providers, TLD Registries and Registrars

As part of the European Digital Strategy, the European Commission announced in June a Digital Services Act package to strengthen the Single Market for digital services and foster innovation and competitiveness of the European online environment. The revised package will “impact network operators, cloud and hosting providers, top-level domain registries and registrars”, among others.

Continue reading European Commission Updating 20-Year-Old Digital Services Act, Impacting Cloud and Hosting Providers, TLD Registries and Registrars

.eu ADR fees remain discounted until 30 June 2020

Following the agreement between EURid and both institutions appointed to rule on Alternative Dispute Resolution (ADR) proceedings for the .eu top-level domain (the WIPO Arbitration and Mediation Center and the Czech Arbitration Court), the .eu registry announced last week the fee for a basic .eu ADR procedure will remain discounted until 30 June 2020.

This means that the ADR fee per dispute complaint is as low as €100.
If you wish to dispute a .eu, .ею or .ευ domain name registration, and believe that you have a prior right (within the EU or EEA) to that domain name (e.g. you hold a trademark, trade name, company name, family name, and so on) and that the current holder has registered or is using the domain name for speculative or abusive purposes, you may challenge its registration by initiating an Alternative Dispute Resolution (ADR) procedure.

New Rules Announced For .EU, Including EU/EEA Citizens Anywhere Able To Register Domains From October

A new set of rules for .eu came into being on 18 April which will be applicable from 13 October 2022, except for the article 20 that introduces eligibility to EU citizens residing in third countries, which should start applying as of six months after entering into force, that is, in October 2019. In the coming weeks EURid will inform all its stakeholders about the exact date when the new eligibility criteria apply.

The new rules have come about following a political agreement between the European Parliament and the Council on 5 December 2018 and are designed to support better quality and more innovative services on .eu.

From 13 October 2022 there will be a legal flexibility for the .eu domain to adapt to rapid market changes and allow modernisation of its governance structure. A new body, bringing together stakeholders from different backgrounds, will advise the Commission on the management of the top-level domain.

Article 20, which comes into being on 19 October 2019, will extend the right to register a .eu domain name to citizens of the European Union and the European Economic Area (EU/EEA) residing outside the EU. This was previously limited to citizens living in countries within the EU and EEA. It will also offer some comfort to some citizens of the EU/EEA who have registered .eu domain names and reside in the UK if Brexit, assuming it happens, is drawn out long enough.

The new Regulation aims to adapt the current rules to the fast-changing domain name industry in order to strengthen the link with the growing Digital Single Market which focusses on European values like multilingualism, privacy protection, and security.

In addition, EURid announced at the end of March the Service Concession Contract between themselves and the European Commission has been extended until 12 October 2022 to be in line with the new .eu Regulation enforcement.

The new Regulation on the implementation and functioning of the .eu TLD name is available here.

ICANN: German Regional Court to Revisit Ruling in Injunction Proceedings on Request to Preserve WHOIS data

ICANN was informed Thursday that the Regional Court in Bonn, Germany, has decided to revisit its ruling in the injunction proceedings that ICANN initiated against EPAG, a Germany-based, ICANN-accredited registrar that is part of the Tucows Group.

 

On 13 June 2018, ICANN appealed the Regional Court’s initial decision to reject ICANN‘s application for an injunction, in which ICANN sought a court order requiring EPAG to reinstate collection of administrative and technical contact data for new domain name registrations.

Upon receipt of an appeal, the Regional Court has the option to re-evaluate its decision that is being appealed, or affirm its decision and immediately forward the matter to the Higher Regional Court for consideration of the appeal.

In this instance, the Regional Court has decided to revisit its initial decision and has asked EPAG to comment on ICANN‘s appellate papers within two weeks.

ICANN is pursuing this matter as part of its public interest role in coordinating a decentralized global WHOIS for the generic top-level domain system. To that end, ICANN continues to seek clarity of how to maintain a global WHOIS system and still remain consistent with legal requirements under the European Union’s General Data Protection Regulation (GDPR).

Background:

On 25 May 2018, ICANN filed the injunction proceedings against EPAG. ICANN asked the Court for assistance in interpreting the GDPR in an effort to protect the data collected in WHOIS. ICANN sought a court ruling to ensure the continued collection of all WHOIS data. The intent was to assure that all such data remains available to parties that demonstrate a legitimate purpose to access it, and to seek clarification that under the GDPR, ICANN may continue to require such collection.

ICANN filed the proceedings because EPAG had informed ICANN that as of 25 May 2018, it would no longer collect administrative and technical contact information when it sells new domain name registrations. EPAG believes collection of that particular data would violate the GDPR. ICANN‘s contract with EPAG requires that information to be collected.

EPAG is one of over 2,500 registrars and registries that help ICANN maintain the global information resource of the WHOIS system. ICANN is not seeking to have its contracted parties violate the law. Put simply, EPAG’s position spotlights a disagreement with ICANN and others as to how the GDPR should be interpreted.

On 30 May 2018, the Regional Court determined that it would not issue an injunction against EPAG. In rejecting the injunctive relief, the Court ruled that it would not require EPAG to collect the administrative and technical data for new registrations. However, the Court did not indicate in its ruling that collecting such data would be a violation of the GDPR. Rather, the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse in connection with the domain name (such as criminal activity, infringement, or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

On 13 June 2018, ICANN appealed the Regional Court’s ruling to the Higher Regional Court of Cologne, Germany, and again asked for an injunction that would require EPAG to reinstate the collection of all WHOIS data required under EPAG’s Registrar Accreditation Agreement with ICANN.

ICANN appreciates and understands the dilemma of EPAG in trying to interpret the GDPR rules against the WHOIS requirements, but if EPAG’s actions stand, those with legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information may no longer be able to access full WHOIS records.

In addition to the court proceedings, ICANN is continuing to pursue ongoing discussions with the European Commission and the European Data Protection Board to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.

About ICANN

ICANN‘s mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-3-2018-06-21-en

ICANN Appeals German Court Decision on GDPR / WHOIS

ICANN today (13 June) appealed a decision by the Regional Court in Bonn, Germany not to issue an injunction in proceedings that ICANN initiated against EPAG, a Germany-based, ICANN-accredited registrar that is part of the Tucows Group. The appeal was filed to the Higher Regional Court of Cologne, Germany.

ICANN is asking the Higher Regional Court to issue an injunction that would require EPAG to reinstate the collection of all WHOIS data required under EPAG’s Registrar Accreditation Agreement with ICANN.

The Regional Court in Bonn rejected ICANN’s initial application for an injunction, in which ICANN sought to require EPAG to collect administrative contact and technical contact data for new domain name registrations.

If the Higher Regional Court does not agree with ICANN or is not clear about the scope of the European Union’s General Data Protection Regulation (GDPR), ICANN is also asking the Higher Regional Court to refer the issues in ICANN’s appeal to the European Court of Justice.

ICANN is appealing the 30 May 2018 decision by the Regional Court in Bonn as part of ICANN’s public interest role in coordinating a decentralized global WHOIS for the generic top-level domain system.

“We are continuing to seek clarity of how to maintain a global WHOIS system and still remain consistent with legal requirements under the GDPR,” said John Jeffrey, ICANN’s General Counsel and Secretary. “We hope that the Court will issue the injunction or the matter will be considered by the European Court of Justice.”

Background:

On 25 May 2018, ICANN filed the injunction proceedings against EPAG. ICANN asked the Court for assistance in interpreting the GDPR in an effort to protect the data collected in WHOIS. ICANN sought a court ruling to ensure the continued collection of all WHOIS data. The intent was to assure that all such data remains available to parties who demonstrate a legitimate purpose to access it, and to seek clarification that under the GDPR, ICANN may continue to require such collection.

ICANN filed the proceedings because EPAG had informed ICANN that as of 25 May 2018 when it sells new domain name registrations, it would no longer collect administrative and technical contact information. EPAG believes collection of that particular data would violate the GDPR. ICANN’s contract with EPAG requires that information to be collected.

EPAG is one of over 2,500 registrars and registries that help ICANN maintain the global information resource of the WHOIS system. ICANN is not seeking to have its contracted parties violate the law. Put simply, EPAG’s position spotlights a disagreement with ICANN and others as to how the GDPR should be interpreted.

On 30 May 2018, the Court determined that it would not issue an injunction against EPAG. In rejecting the injunctive relief, the Court ruled that it would not require EPAG to collect the administrative and technical data for new registrations. However, the Court did not indicate in its ruling that collecting such data would be a violation of the GDPR. Rather, the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse in connection with the domain name (such as criminal activity, infringement or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

ICANN appreciates and understands the dilemma of EPAG in trying to interpret the GDPR rules against the WHOIS requirements, but if EPAG’s actions stand, those with legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information may no longer be able to access full WHOIS records.

In addition to the court proceedings, ICANN is continuing to pursue ongoing discussions with the European Commission and the European Data Protection Board to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.

About ICANN

ICANN’s mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-2018-06-13-en

UK owners of .EU domains will lose their websites

EURid logoIn a meeting with its UK domain registrar community on June 4th, EURID (the operator of .EU domains) outlined the European Commission’s directive on how Britain’s withdrawal from the EU will affect UK Registrants of .EU domain names. It has ordered EURID to delete all domain names registered to UK owners as soon as March 30th, 2019 if a withdrawal agreement has not been reached with Britain by that date.

With roughly 380,000 .EU domain names registered by UK entities and EURID stating that the domains could be revoked without notice, both UK and European consumers could be faced with mass disruption to their online services. Several high profile British businesses, including Financial Institutions, service providers and online retailers, use a .EU address for either their main website, email or as a linking address used to facilitate their online services. Those businesses will need time to plan their transition away from the .EU domain in order to ensure continuity for their customers.

The decision was met with general confusion amongst the UK registrars in attendance. In previous similar cases such as the dissolution of the .SU domain after the collapse of the Soviet Union, domain owners were given until the natural expiry of their websites to make alternative arrangements.

Whether the EU commission intends to follow through with its directive or whether it is now using the .EU domain as a bargaining chip in Brexit negotiations remains to be seen, but there is plenty of cause for concern amongst UK based .EU website owners.

Internet.bs recommends that our UK customers register their .EU domains via their European (non-UK) address or choose a comparable domain such as .eu.com. We will also work with our sister company – Instra.com – to explore options for providing a proxy service or the ability to register local businesses within the new EU.

This article was originally published at:
https://internetbs.net/blog/2018/06/05/uk-owners-of-eu-domain-will-lose-their-websites/

ICANN Finally Approves Temporary Specification To Comply With EU’s GDPR, With 7 Days To Spare

It was adopted on 14 April 2016 and after a 2-year transition period it becomes enforceable on 25 May 2018. Yet despite this timeframe, ICANN only approved a Temporary Specification for gTLD Registration Data to comply with the European Union’s General Data Protection Regulation on 17 May, with a draft published on 11 May. But it only gives registries and registrars 7 days to finalise and implement changes to their systems, or 14 days if they started when the draft was published. That is if they waited for ICANN’s snail-like process to take place.

The GDPR has been developed by the European Commission to give individuals more control over their data that businesses hold, including domain name Registries and Registrars. It also applies to businesses outside of the EU that hold data on citizens and residents of the EU. It’s impact is far-reaching and penalties for breaches are severe – fines of up to €20 million or up to 4% of the annual worldwide turnover, whichever is greater.

ICANN’s approval of a Temporary Specification [pdf] is the result of 12 months of consultation with the community and “is an important step towards bringing ICANN and its contracted parties into compliance with GDPR,” said ICANN’s Chair Cherine Chalaby. “While there are elements remaining to be finalised, the adoption of this Temporary Specification sets us on the right path to maintaining WHOIS in the public interest, while complying with GDPR before its 25 May enforcement deadline.”

One can’t help but feel it’s an extraordinary failure by ICANN and the community given the time they’ve had to develop a solution. The Temporary Specification will be revisited by the ICANN Board in 90 days, if required, to reaffirm its adoption. And whether the Temporary Specification meets European Commission’s requirements remains to be seen. In early April the EC’s Article 29 Data Protection Working Party wrote to ICANN [pdf] noting they weren’t satisfied with what ICANN had then proposed.

So what will happen on 25 May? Registry Operators and Registrars will still be required to collect all WHOIS information for generic top level domains (gTLDs). However, WHOIS queries will only receive “Thin” data in return, which includes only technical data sufficient to identify the sponsoring Registrar, status of the registration, and creation and expiration dates for each registration, but not personal data. For third parties with legitimate interests in gaining access to the non-public data held by the Registry Operator or Registrar, there are still ways to access that data. Queries can be made through the sponsoring Registrar and they are obligated to respond in a reasonable time. If a response is not received, ICANN will have a complaint mechanism available. If it is thought individual parties are not complying with their obligations under these temporary specifications or their agreements with ICANN, ICANN’s Contractual Compliance Department can be contacted to file a complaint.

The changes are not unlike those being implemented by several European country code top level domain (ccTLD) registries. And while quite a few Registries and Registrars will have been waiting (or rather sweating) on ICANN’s announcement this week, some decided they couldn’t wait and have been developing solutions on what they believed ICANN’s response would have been.

Within Europe, some ccTLDs, such as the Austrian registry nic.at have implemented a “thin” model for individuals registering domain names, but legal entities or businesses will continue to have “thick” WHOIS data published. Others such as DENIC, the German ccTLD registry, will only record the contact details of the domain name registrant, two additional email addresses as contact points for abuse reports and general and technical requests as well as the usual technical domain data, which is similar to the ICANN model.

Registrars are frustrated. One, the German EPAG, which is part of the Tucows group, spoke of their frustrations to Domain Pulse at the Domain Pulse conference (unrelated) in Munich in February.

“We wish that ICANN had started work on this a year ago,” said Ashley La Bolle, Managing Director of EPAG Domainservices GmbH. “Of course, we will try to accommodate changes, but in absence of new consensus policies, we have to develop solutions that we believe will ensure our own compliance with the law.”

“The domain industry has been really late to the game on GDPR implementation,” La Bolle went on to say. She noted how frustrating it was that the entire industry was slow to develop solutions and that solutions were only beginning to be finalised back then. The changes require significant resources to be thrown at implementing changes. In an industry that operates on razor-thin margins, it’s not an ideal situation.

“The GDPR requires contracts to be revised, additional staff training, and customer education. Our approach has been to change our systems and processes to handle as much of the impact of the GDPR as possible so that our customers can continue to use our services as they always have.”

It has also been claimed that the changes will be a boon for cybercriminals. While Krebs on Security admit that while “cybercriminals don’t use their real information in WHOIS registrations … ANY information they provide — and especially information that they re-use across multiple domains and cybercrime campaigns — is invaluable to both grouping cybercriminal operations and in ultimately identifying who’s responsible for these activities.” And while some cybercriminals do take advantage of privacy protection services, “based on countless investigations I have conducted using WHOIS to uncover cybercrime businesses and operators, I’d wager that cybercrooks more often do not use these services.”

Krebs also notes that while “it is true that the European privacy regulations as they relate to WHOIS records do not apply to businesses registering domain names … the domain registrar industry — … operates on razor-thin profit margins and which has long sought to be free from any WHOIS requirements or accountability whatsoever. Krebs believes they “won’t exactly be tripping over themselves to add more complexity to their WHOIS efforts just to make a distinction between businesses and individuals.”

“As a result, registrars simply won’t make that distinction because there is no mandate that they must. They’ll just adopt the same WHOIS data collection and display polices across the board, regardless of whether the WHOIS details for a given domain suggest that the registrant is a business or an individual.”

.IS, .NO and .UK Announce How They’ll Comply With the EU’s GDPR

The GDPR is coming and a number of ccTLD registries are giving registrars heart palpitations. It’s a month till the European Union’s General Data Protection Regulation comes into play and the Icelandic, Norwegian, Slovakian and United Kingdom ccTLD operators are only just announcing how they’ll deal with it.

For Iceland’s .is they will stop publishing names, addresses and telephone numbers of personal contacts by default from the ISNIC WHOIS database. For individuals who wish to continue to publish their information, they must log in, go to “My Settings” and select “Name and Address Published”.

ISNIC will however, at least for the time being, continue to publish email addresses, country and techincal information of all NIC-handles associated with .is domains. Those customers (individuals) who have recorded a personally identifiable email address, and do not want it published, will need to change their .is WHOIS email address to something impersonal. However the Icelandic country code top level domain isn’t happy with the new regulation. They note the GDPR “will neither lead to better privacy nor a safer network environment.”

For the sake of the internet community, e.g. Individual users, Service Providers, Hosting Companies, and many other stake holders, ISNIC will continue to publish email addresses and the country name of all contact types until further notice.

For NORID, the registry for Norway’s .no, they have made a few changes to their policies that come into effect on 5 May. NORID state they will “only collect data that we need, and that the domain holder shall be informed about which data is being processed by Norid. Starting on 5 May, we will collect less data about the holder than what we currently do.” Following consultation with the with the Norwegian Data Protection Authority, NORID will launch a new version of WHOIS on 22 May.

And Nominet, the .uk registry, has announced their changes. Following a consultation period that outlined their proposed changes that were published for comment between 1 March and 4 April, Nominet have announced that:

  • Registrant data will be redacted from the WHOIS from 22 May 2018, unless explicit consent has been given.
  • Law enforcement agencies will nonetheless be able to access all registry data via an enhanced Searchable WHOIS service available free of charge.
  • Other interested parties requiring unpublished information will be able to request access to this data via our data disclosure policy, operating to a 1 working day turnaround.
  • The registration policy for all .UK domains will be standardised – replacing the separate arrangements currently in operation for second and third-level domains.
  • The .UK Registrar Agreement will be updated, renamed the .UK Registry-Registrar Agreement, and will include a new data processing annex.
  • The existing Privacy Services framework will cease to apply.

“We have taken a conservative approach to publishing data, to ensure that we do not fall foul of the new legislation,” said Nominet COO Ellie Bradley. “While, as a result, we will be publishing less data on the WHOIS – we have comprehensive procedures already in place that ensure that we will continue to respond swiftly to requests for information to pursue legitimate interests.”

The proposals also outlined an approach to replacing the existing privacy services framework with recognition of a Proxy Service offered by registrars. In response to the feedback, Nominet has decoupled this proposal from the bulk of the GDPR-related changes and will consult further on this topic in June 2018.

CoCCA Software Update Allows Registry Partners to be GDPR-Compliant

CoCCA will be updating its backend registry software to enable its registry partners to be GDPR-compliant in time for the European Union’s General Data Protection Regulation (GDPR) that comes into effect on 25 May.

The principle of data minimisation, where only personal data that is adequate, relevant and necessary is collected, retained and disclosed has been adopted by the ccTLD managers using CoCCA shared infrastructure of the following ccTLDs: .af, .cx, .gs, .gy, .ht, .hn, .ki, .kn, .sb, .tl, .kn, .ms, .nf.

For the above ccTLDs, as of 15 May the only data collected from domain name registrants will be:
only registrant contact details are required, administrative, technical and billing contacts are optional.
existing administrative, technical and billing contacts may be deleted by registrars.
registrars will be able to associate two email addresses directly with a domain (for abuse reports and technical queries), these emails will be publicly disclosed.

Regarding data disclosure:

  • if a data subject is an EU resident or a non-EU resident who uses an EU registrar (or one of their resellers) personal data (name, email, phone and physical address) will be redacted from publicly available interfaces. For the avoidance of confusion, personal data will be redacted based both on the declared address of the contact and the location of the registrar.
  • if a data subject resides outside the EU and uses the services of a registrar outside the EU the personal data disclosure will not be impacted by GDPR.
  • if personal data has been redacted and the data subject would like to disclose it, the data subject will be provided with tools by CoCCA to disclose the redacted data.
  • if personal data has not been redacted and the data subject believes it should be (for example, a citizen of an EU country residing overseas), the data subject will be provided with tools by CoCCA to redact their personal data.

Access to redacted data will be available for:

  • law enforcement and the Secure Domain Foundation will be able to access redacted data via RDAP and port 43 WHOIS.
  • intellectual property owners or other entities who have a legitimate interest in redacted data will be able to order historical abstracts online for a nominal fee (provided they sign an attestation).

An updated version of the CoCCA software containing multiple GDPR configuration options will be released on 20 April with CoCCA able to assist registry operators to upgrade and configure their registry software to align with their GDPR compliance efforts.

CoCCA advise that it should not be assumed that all registry operators using CoCCA Tools will patch and configure the software for GDPR compliance. There are many registry operators who use dated and unsupported versions of CoCCA Tools.

ICANN Receives Data Protection/Privacy Guidance from Article 29 Working Party

ICANN today announced that it has received a letter from the Article 29 Working Party (WP29) [PDF, 400 KB] that provides guidance on the European Union’s General Data Protection Regulation (GDPR) and its impact on the collection, retention and publication of domain name registration data and the WHOIS system. ICANN organization’s response to the letter from the Article 29 Working Party will be published shortly here.

“We appreciate the guidance provided by the Article 29 Working Party on this important issue and have accepted an invitation to meet with the WP29 Technology Subgroup in Brussels on 23 April for further discussions,” said Göran Marby, ICANN president and CEO. “However, we are disappointed that the letter does not mention our request for a moratorium on enforcement of the law until we implement a model. Without a moratorium on enforcement, WHOIS will become fragmented and we must take steps to mitigate this issue. As such, we are studying all available remedies, including legal action in Europe to clarify our ability to continue to properly coordinate this important global information resource. We will provide more information in the coming days.”

A moratorium on enforcement action by DPAs would potentially allow for the introduction of an agreed-upon accreditation model and for the registries and registrars to implement the accreditation model in conjunction with the measures in the agreed final interim compliance model. It will also allow for reconciliation between the advice ICANN has received from its Governmental Advisory Committee (GAC) and the Article 29 Working Party. Unless there is a moratorium, we may no longer be able to give instructions to the contracted parties through our agreements to maintain WHOIS. Without resolution of these issues, the WHOIS system will become fragmented until the interim compliance model and the accreditation model are implemented.

A fragmented WHOIS would no longer employ a common framework for generic top-level domain (gTLD) registration directory services. Registries and registrars would likely implement varying levels of access to data depending on their interpretations of the law.

“In parallel, we will carefully consider this advice, along with all of the input we have received from the multistakeholder community, before making changes to the current iteration of the proposed interim model,” Marby continued. “As a part of this, we will explore all options as we continue dialogues with DPAs and the interested parties that comprise the multistakeholder community.”

It’s important to balance the right to privacy with the need for information. While ICANN recognizes the importance of the GDPR and its goal of protecting personal data, parts of the ICANN community have noted the negative impact of a fragmented WHOIS. For example, it will hinder the ability of law enforcement to get important information and the anti-spam community to help ensure the Internet protects end-users. It will also:

  • Protect the identity of criminals who may register hundreds of domain names specifically for use in cyberattacks;
  • Hamper the ability of consumer protection agencies who track the traffic patterns of illicit businesses;
  • Stymie trademark holders from protecting intellectual property; and
  • Make it significantly harder to identify fake news and impact the ability to take action against bad actors.

These are just a few examples from a long list of potentially adverse scenarios.

Marby also requested that the DPAs include ICANN in any proceedings relating to WHOIS, and asks that it be included in all discussions and actions of the privacy regulators with the other WHOIS data controllers. He also said that ICANN org is continuing its efforts to prepare for implementation of a new model. Additional information on ICANN’s data protection/privacy activities, including legal analyses, proposed compliance models, and community feedback is published here.

We encourage the community to provide feedback and continue our dialogues on future activities. You may share your views with us via email at gdpr@icann.org.

About ICANN

ICANN’s mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-2018-04-12-en