The latest Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion addresses the question of “whether or not logs of query activities concerning non-public data must be available to the registrant upon request except if prohibited by a relevant court order or legal requirement.” Please refer to Section 8 of the draft framework for more information on this topic. The draft framework is published for community discussion and to seek guidance from the European Data Protection Board. With a better understanding of the law, we will all be well positioned to develop, implement and enforce a legally sound, consistent unified model for access to non-public registration data, and lower the risk for the contracted parties in order for them to be able to accept such a model.

7. The text in the preamble of Appendix C is simply an overview of the processing requirements that follow. The preamble does reference the GDPR, and it states that generally “terms with initial capital letters have the meaning given under the GDPR.” But we would need more clarity around what specific language in the preamble is seen to be similar to what specific language in the GDPR to be able to comment further on this question.

8. Why did ICANN include the term content in 4.4.5?

To be clear, ICANN does not regulate content.

Section 4.4 lists purposes for processing personal data in registration data*. The processing activities in this section are not limited to ICANN's; they include the processing activities by Registrars and Registries and other third parties. Section 4.4.5 says one of those purposes is “Enabling a mechanism for the communication or notification to the Registered Name Holder of technical issues and/or errors with a Registered Name or any content or resources associated with such a Registered Name.” For example, a law enforcement agent investigating potentially illegal content might use the registration data to identify and contact the registered name holder as part of the investigation. As a point of reference regarding processing by third parties, on 25 May 2018 the EDPB endorsed a statement of the WP29, which stated that the “WP29 expects ICANN to develop and implement a WHOIS model which will enable legitimate uses by relevant stakeholders, such as law enforcement, of personal data concerning registrants in compliance with the GDPR, without leading to an unlimited publication of those data.” <https://www.icann.org/en/system/files/files/statement-edpb-whois-27may18-en.pdf>

(*Note that Registration Data is defined in the Temporary Specification as “data collected from a natural and legal person in connection with a domain name registration.” This is broader than just data displayed in RDDS and includes all data collected in connection with the domain name registration.)

EDPB Advice

  1. Can ICANN summarize in some searchable form the contacts and engagements with the EDPB and/or other DPAs in relation to the Temporary Specification for gTLD Registration Data?