The At-Large Advisory Committee (ALAC) writes to provide its input on the European Union’s (E.U.’s) Working Party 29’s (WP29’s) letter to ICANN WP29 provided its opinion and recommendation on ICANN’s Interim Model for Compliance for WHOIS.  Although the ALAC continues to have concerns with the current iteration of the interim model, we also believe WP29’s recommendation places ICANN in an impossible situation where it listed out several recommendations that will be improbable  to accommodate given the timeline for the General Data Protection Regulation’s (GDPR’s) provisions to go into effect. The ALAC fears that ICANN will, in turn, avoid liability under the E.U. regulation by shutting down the WHOIS system until ICANN provides a permanent solution ensuring its compliance with the regulation. The ALAC proffers the following comments for ICANN’s consideration.

Defining Legitimate Purpose

The purpose of this interim model is to provide a temporary solution to comply with the E.U.’s GDPR that will be in full effect on May 25, 2018. Maintaining the integrity of the an individual’s personal information, either within the E.U. or outside of it, is a priority to the ALAC. WHOIS is a multifunctional enterprise that is invaluable for those attempting to protect their intellectual property rights and law enforcement. ICANN should promulgate a solution that balances the equities between protecting personal information that satisfies the requirements under the GDPR and the other essential functions of WHOIS to thwart IPR violations and other forms of law enforcement.

In its letter, WP29 lists out various amount of criticism of ICANN’s interim model and provides what it feels are measures by which ICANN can accommodate these criticism. For example, on issue of purpose specification, the WP29 believes the phrase “legitimate access..[to] accurate, reliable and uniform registration data” within the interim model’s text is too broad and would, thus, violate Article 5(1)(b) of the GDPR. WP29 recommends that ICANN better define the term “purposes” and take out the term “include” in this context to ensure that ICANN’s interim model meets the comprehensive-and-exhaustive standard under Article 5. Even though we believe that WP29’s recommendation is vague, the ALAC recommends that ICANN should reiterate its considerations for legitimate purposes under in its interim model, like allowing registrars to perform basic administrative functions and the protection against certain actions that would run afoul of other IPR rights (e.g., phishing attacks).

Retention Policy

WP29 criticizes ICANN’s interim model’s two year retention policy may not pass muster under 5(1)e of the regulation.  Thus, is perplexed why ICANN augmented its, initial, retention period of 60 days should be or provide insight as to why a two year policy is necessary satisfying article 5(2) of the GDPR. The ALAC does not take a particular position on a prescriptive timeframe, but believes that there exists legitimate reasons as to why a retention period past…is necessary to report and investigate crimes by a registrant. We believe there to be ample evidence for a retention policy to justify a retention policy of either 60 days or 2 years.  

The Use of Anonymized Emails to Address Concerns Related to Access to Non-Public WHOIS Data

The WP29 was welcomed the interim model’s tiered access mechanism generally, but it was concerned that certain details as to the justifications for granting access to non-public WHOIS data. The ALAC recommends that ICANN should look into the use of anonymized emails to address most of the concerns related to third-party access of such data. We believe it serves as a way for those whom feel as though their various rights have been violated to reach out to the necessary party, while not disclosing any personal information. Additionally, it allows the petitioning party to go through the accreditation process to seek the relevant data concurrently.

We appreciate the opportunity to share our views on this matter. Thank you in advance for your time and consideration on this important issue.

The At-Large Advisory Committee (ALAC) writes to provide its input on the European Union’s (E.U.’s) Working Party 29’s (WP29’s) letter to ICANN WP29 provided its opinion and recommendation on ICANN’s Interim Model for Compliance for WHOIS.  Although the ALAC continues to have concerns with the current iteration of the interim model, we also believe WP29’s recommendation places ICANN in an impossible situation where it listed out several recommendations that will be improbable  to accommodate given the timeline for the General Data Protection Regulation’s (GDPR’s) provisions to go into effect. The ALAC fears that ICANN will, in turn, avoid liability under the E.U. regulation by shutting down the WHOIS system until ICANN provides a permanent solution ensuring its compliance with the regulation. The ALAC proffers the following comments for ICANN’s consideration.

Defining Legitimate Purpose

The purpose of this interim model is to provide a temporary solution to comply with the E.U.’s GDPR that will be in full effect on May 25, 2018. Maintaining the integrity of the an individual’s personal information, either within the E.U. or outside of it, is a priority to the ALAC. WHOIS is a multifunctional enterprise that is invaluable for those attempting to protect their intellectual property rights and law enforcement. ICANN should promulgate a solution that balances the equities between protecting personal information that satisfies the requirements under the GDPR and the other essential functions of WHOIS to thwart IPR violations and other forms of law enforcement.

In its letter, WP29 lists out various amount of criticism of ICANN’s interim model and provides what it feels are measures by which ICANN can accommodate these criticism. For example, on issue of purpose specification, the WP29 believes the phrase “legitimate access..[to] accurate, reliable and uniform registration data” within the interim model’s text is too broad and would, thus, violate Article 5(1)(b) of the GDPR. WP29 recommends that ICANN better define the term “purposes” and take out the term “include” in this context to ensure that ICANN’s interim model meets the comprehensive-and-exhaustive standard under Article 5. Even though we believe that WP29’s recommendation is vague, the ALAC recommends that ICANN should reiterate its considerations for legitimate purposes under in its interim model, like allowing registrars to perform basic administrative functions and the protection against certain actions that would run afoul of other IPR rights (e.g., phishing attacks).

Retention Policy

WP29 criticizes ICANN’s interim model’s two year retention policy may not pass muster under 5(1)e of the regulation.  Thus, is perplexed why ICANN augmented its, initial, retention period of 60 days should be or provide insight as to why a two year policy is necessary satisfying article 5(2) of the GDPR. The ALAC does not take a particular position on a prescriptive timeframe, but believes that there exists legitimate reasons as to why a retention period past…is necessary to report and investigate crimes by a registrant. We believe there to be ample evidence for a retention policy to justify a retention policy of either 60 days or 2 years.  

The Use of Anonymized Emails to Address Concerns Related to Access to Non-Public WHOIS Data

The WP29 was welcomed the interim model’s tiered access mechanism generally, but it was concerned that certain details as to the justifications for granting access to non-public WHOIS data. The ALAC recommends that ICANN should look into the use of anonymized emails to address most of the concerns related to third-party access of such data. We believe it serves as a way for those whom feel as though their various rights have been violated to reach out to the necessary party, while not disclosing any personal information. Additionally, it allows the petitioning party to go through the accreditation process to seek the relevant data concurrently.

We appreciate the opportunity to share our views on this matter. Thank you in advance for your time and consideration on this important issue.