| Recommendation | Description | Phase |
|---|---|---|
| Recommendation 1 | Either reject the SSAD recommendations and/or request that the GNSO Council reconsider the issue, perhaps with a suitable delay to fully understand the potential changes to the GDPR-related regulations in Europe. | Phase 3 | Evaluate & Consider |
Recommendation 2 | Immediately have ICANN Org design and begin implementation of a no-charge ticketing/tracking system to track requests for disclosure of non-public gTLD registration information. Such a system has no need for accreditation, thus simplifying the implementation. This can likely be built upon existing components already in use within ICANN, or commercial solutions readily available. If a PDP is required to require that all contracted parties use it, such a targeted GNSO PDP should be initiated by the Board. Consideration should be given to having the ticketing/tracking system also apply to Privacy/Proxy providers. | Phase 3 | Evaluate & Consider |
| Recommendation 3 | Should regulations comparable to those related to domain name registration data in the NIS2 proposal be adopted by the European Union Council and Parliament, the ICANN Board should immediately consider initiating a targeted GNSO PDP to ensure that all ICANN registrars are subject to comparable rules. This will provide fairness within the registrar community and ensure that we do not end up with registrars outside of the EU being able to provide higher levels of anonymity to those registering domains in support of DNS abuse and other fraudulent or illegal activities. This last advice is not directly related to the SSAD, but the lack of an SSAD (or equivalent) implies that we need to maximize the amount of information legally published in the non-redacted RDDS. This is in line with ICANN’s original intent of “maintaining the existing WHOIS system to the greatest extent possible”. |
