Tag Archives: General Data Protection Regulation

Meta May Allow Instagram and Facebook Users in Europe to Pay to Avoid Ads: subscription plan is a response to EU policies and court rulings to restrict Meta’s data-collection practices.

Meta is considering paid versions of Facebook and Instagram that would have no advertising for users in the European Union, three people with knowledge of the company’s plans said, a response to regulatory scrutiny and a sign that how people experience technology in the United States and Europe may diverge because of government policy.

Continue reading Meta May Allow Instagram and Facebook Users in Europe to Pay to Avoid Ads: subscription plan is a response to EU policies and court rulings to restrict Meta’s data-collection practices.

Meta’s Ad Practices Ruled Illegal Under E.U. Law

Meta suffered a major defeat on Wednesday that could severely undercut its Facebook and Instagram advertising business after European Union regulators found it had illegally forced users to effectively accept personalized ads.

Continue reading Meta’s Ad Practices Ruled Illegal Under E.U. Law

M3AAWG/APWG Report Finds GDPR Impact on WHOIS Impedes Criminal Investigations

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and The Anti-Phishing Working Group (APWG) have again collaborated to conduct a survey of cyber investigators and anti-abuse service providers to understand how ICANN’s application of the European Union’s General Data Protection Regulation (GDPR) has impacted on the distributed WHOIS service and anti-abuse work. The resulting report, published in June, discusses the effect of the Temporary Specification on anti-abuse actors’ access and usage of domain name registration information, which is central for various types of investigations.

Continue reading M3AAWG/APWG Report Finds GDPR Impact on WHOIS Impedes Criminal Investigations

DENIC-Chef Jörg Schweiger spricht über DENIC, Sicherheit, neue TLDs, ICANN, DSGVO und die Zukunft der Domains

Im Januar gab Jörg Schweiger, von 2007 bis 2014 CTO und seit 2014 CEO der DENIC, bekannt, dass er im Dezember von seinem Amt zurücktritt. Das ist eine lange Zeit, und die Domainbranche hat sich sehr stark entwickelt. Wir haben Jörg Schweiger ein paar Fragen zu seiner Zeit bei der DENIC und den Veränderungen, die er erlebt hat, gestellt.

Jörg Schweiger ist einer dieser Menschen, die einen mit einem freundlichen Lächeln einnehmen, immer offen für den Dialog. Als wir ihm also ein paar Fragen stellten, antwortete er mit einigen aufschlussreichen Ansichten darüber, warum er der Meinung ist, dass die neuen TLDs eine große Chance verpasst haben, wie wichtig Sicherheit und Zuverlässigkeit für die DENIC ist und welche Herausforderungen die Datenschutzgrundverordnung (DSGVO oder GDPR) sowie die Zukunft der Domainnamen mit sich bringen. Jörg fragt sich sogar, ob ICANN angesichts des Kostendrucks, der anstehenden globalen Regulierungsinitiativen und der unterschiedlichen Ansichten in ihrer “breiten, vielschichtigen Community” weiterhin ihre (klar umrissene) Aufgabe erfüllen kann.

Continue reading DENIC-Chef Jörg Schweiger spricht über DENIC, Sicherheit, neue TLDs, ICANN, DSGVO und die Zukunft der Domains

Three years of GDPR: the biggest fines so far

It’s been three years since the introduction of Europe’s data privacy and security law on 25 May 2018.

GDPR governs the way organisations that operate within the EU can use, process and store consumers’ personal data.

Continue reading Three years of GDPR: the biggest fines so far

Europe’s Privacy Law Hasn’t Shown Its Teeth, Frustrating Advocates

[New York Times] When Europe enacted the world’s toughest online privacy law nearly two years ago, it was heralded as a model to crack down on the invasive, data-hungry practices of the world’s largest technology companies.

Now, the law is struggling to fulfill its promise.

Continue reading Europe’s Privacy Law Hasn’t Shown Its Teeth, Frustrating Advocates

Chris Disspain Looks At The Highlights of 2019 And What His Final Year On The ICANN Board Might Hold

In the latest Domain Pulse Q&A series looking at the year in review and year ahead, we speak to ICANN board member Chris Disspain. Chris discusses the progress of the next round of new gTLD applications, the challenges of GDPR has thrown at ICANN relating to WHOIS, a 2019 highlight being finalisation of the new strategic plan especially in the way the ICANN community focused and pulled together to get it done and then what the future may hold for him after he completes his term on the ICANN board. He also would like to see a little more kindness “in the ICANN context”.

Domain Pulse: What were the highlights, lowlights and challenges of 2019 in the domain name industry, both for you and/or the industry in general?

Chris Disspain: The challenge of GDPR and its relevance to WHOIS has consumed an immense amount of time in 2019. And universal acceptance is a real issue for many especially but not exclusively in the IDN world.

The finalisation of the new strategic plan has been a highlight especially the way that the ICANN community focused and pulled together to get it done. And the streamlining of reviews work!

There are always lowlights. Calling them out isn’t necessarily helpful.

DP: What are you looking forward to in 2020?

CD: Enjoying my last year as a board member, making a difference and riding off into the sunset….. only to return later in 2021 wearing a different hat…..Or perhaps not!

DP: What challenges and opportunities do you see for the year ahead?

CD: Every issue has both a challenges and opportunities  … Some examples for us are GDPR, various contractual matters, the sub-pro work, ccNSO work on retirement of ccTLDs, the ongoing work on IGOs acronyms, the ongoing community work-load and so on.

DP: How have new gTLDs fared in 2019?

CD: Some good, some bad I expect. But given that different gTLDs have different measures of success that’s quite a hard question to address. A brand likely doesn’t care about registration levels. A geographic may have a limited market and be happy with that. I guess the only real test will be to see what sort of applications come in in a next round.

DP: What progress do you see on a new round of applications for new gTLDs in 2020?

CD: Significant but it’s a long track that needs to be carefully navigated. As a board member (actually the only current board member) who was on the board from the beginning of the last gTLD round I know many of the issues that will need to be dealt with in the updated policy. Some of these are complicated and contentious but I’m hopeful that with the extraordinary work of the Sub-pro WG and the support of the community generally we’ll get there reasonably soon.

DP: What one thing would you like to see addressed or changed in the domain name industry?

CD: Well, in the ICANN context, I think a little more kindness would be good. And a ‘fix’ for the structural challenges within the GNSO would make a huge difference to the ability of the ICANN multi-stakeholder model to deal effectively and efficiently with the constantly changing industry dynamic.

Chris was also the founding CEO of Australia’s ccTLD policy and regulatory body, auDA.

Previous Q&As in this series were with:

Q&As in the 2019 series were with:

  • EURid, manager of the .eu top level domain (available here)
  • Katrin Ohlmer, CEO and founder of DOTZON GmbH (here)
  • Afilias’ Roland LaPlante (here)
  • DotBERLIN’s Dirk Krischenowski (here)
  • DENIC (here)
  • Internet.bs’ Marc McCutcheon (here)
  • nic.at’s Richard Wein (here)
  • Neustar’s George Pongas (here)
  • CentralNic’s Ben Crawford (here)
  • CIRA’s David Fowler (here)
  • Jovenet Consulting’s Jean Guillon (here)
  • GGRG’s Giuseppe Graziano (here)
  • Blacknight Solutions’ Michele Neylon (here)
  • Public Interest Registry’s President and CEO Jon Nevett (here)
  • ICANN board member Chris Disspain (here).

US Government Reiterates Opposition to Changes to WHOIS Resulting From EU’s GDPR

The US government continues to be opposed to changes to Whois that they believe will have little benefit for consumer privacy and major benefits for cyber-criminals. The comments were made, again, in a speech by the the NTIA’s Assistant Secretary of Commerce for Communications and Information, David J. Redl, at a FDA Online Opioid Summit in Washington, D.C. on 2 April.

In his speech, Redl said “the WHOIS is a resource that, prior to the GDPR, provided public access to domain name registration information, including contact information for the entity or person registering the domain name. This information is a critical tool that helps keep people accountable for what they do and put online. Law enforcement uses WHOIS to shut down criminal enterprises and malicious websites, including those that illegally sell opioids. Cybersecurity researchers use it to track bad actors. And it is a first line in the defense of intellectual property protection, including the misuse of opioid brand names.”

The European Union’s General Data Protection Regulation has been developed by the European Commission to give individuals more control over their data that businesses hold, including domain name Registries and Registrars. It also applies to businesses outside of the EU that hold data on citizens and residents of the EU. It’s impact is far-reaching and penalties for breaches are severe – fines of up to €20 million or up to 4% of the annual worldwide turnover, whichever is greater.

“Unfortunately, when GDPR went into effect, those companies responsible for providing WHOIS stopped publishing much of the data because they feared it would make them vulnerable to the massive fines GDPR imposes for privacy violations. The U.S. government’s position on this is clear: the loss of a public WHOIS without a predictable and timely mechanism to access redacted information has little benefit for consumer privacy, and major benefits for cyber-criminals.”

But Redl says there has been some progress on this issue within ICANN. “First, ICANN put in place last year a temporary policy that clarified that WHOIS data should continue to be collected and reasonable access should be provided. This kicked off an intensive global multistakeholder discussion about how to develop a long-term solution. NTIA continues to actively push U.S. interests in these discussions. In March, policy recommendations were finalised and submitted to the ICANN Board for approval.”

Redl says he wants “to congratulate the people who have worked on developing these policy recommendations for how to handle the processing of WHOIS information in a manner that is compliant with GDPR. This was the first step we needed to ensure that the WHOIS system is preserved.”

“However, it must be noted, issues remain. Yet to be addressed is development of a technical solution, and policies associated with disclosure and access to non-public WHOIS information.  Now it is time to deliberately and swiftly create a system that allow for third parties with legitimate interests, like law enforcement, IP rights holders, and cybersecurity researchers to access non-public data critical to fulfilling their missions. NTIA is expecting this second phase of the discussion to kick off in earnest in the coming weeks, and to achieve substantial progress in advance of ICANN’s meeting in Montreal in November.

Redl concluded by saying the “NTIA remains a staunch defender of the free and open Internet. That’s not going to change. But we also aren’t going to turn a blind eye to the real issues that are raised by this freedom and openness.”

“We reject the notion that a free and open Internet must tacitly condone illegal activity. We believe there’s a path to solving these issues without turning our backs on innovation and prosperity. And that path begins with honest discussions and debates, with compromise and collaboration. So if you have concerns or solutions you’d like to offer, I invite you to talk to NTIA. We welcome all thoughtful approaches to building the Internet of the future.”

ICANN: Deadline Extended: Expressions of Interest Sought for Chair of GNSO EPDP on the Temporary Specification for gTLD Registration Data – Phase 2

The Generic Names Supporting Organization (GNSO) is extending the deadline for submitting expressions of interest (EOIs) to chair Phase 2 of the Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data to Monday, 8 April 2019. Learn more about the background by reading the announcement here.

Following the initial discussions of the EPDP Team during ICANN64 (March 2019) in Kobe, Japan, the GNSO Council leadership would like to provide some further details in relation to the expected workload and pace for Phase 2:

  • The topics to be addressed in Phase 2 have been mapped out on the EPDP Team Phase 2 Mind Map.
  • Following the appointment of the EPDP Team Chair, the EPDP Team is expected to commence with 90-minute weekly meetings (potentially on Tuesday or Thursday at 14:00 UTC) but with the possibility to increase the frequency. Additional meeting(s) may be purposed for either another weekly plenary session that would focus on a different stream of work or small team(s) meetings.
  • Although there is agreement on the importance and urgency of addressing the topics in Phase 2, there is also general agreement that it is not sustainable to continue on the same pace and intensity of work as for Phase 1.
  • Additional resources, such as mediation support, are expected to be made available to support the EPDP Team Chair, in addition to the support that is already being provided by policy staff. Candidates are encouraged to include in their EOI if there is any type of support or resource that is considered essential in supporting the EPDP Team Chair in his/her role.
  • In light of this new information, the deadline for expressions of interest has been extended to Monday, 8 April 2019

About EPDP

On 17 May 2018, the ICANN Board approved the Temporary Specification for gTLD Registration Data. The Board took this action to establish temporary requirements for how ICANN and its contracted parties would continue to comply with existing ICANN contractual requirements and community-developed policies related to WHOIS, while also complying with the European Union’s General Data Protection Regulation (GDPR). The Temporary Specification has been adopted under the procedure for Temporary Policies outlined in the Registry Agreement (RA) and Registrar Accreditation Agreement (RAA). Following adoption of the Temporary Specification, the Board “shall immediately implement the Consensus Policy development process set forth in ICANN’s Bylaws.” This Consensus Policy development process on the Temporary Specification would need to be carried out within a one-year period. Additionally, the scope includes discussion of a System for Standardized Access to Non-Public Registration Data. However, the discussion of a Standardized Access System will occur only after the EPDP Team has comprehensively answered a series of “gating questions” and non-objection by the GNSO Council.

About ICANN

ICANN’s mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-2-2019-03-25-en