EUROPEAN REGIONAL AT-LARGE ORGANIZATION (EURALO)
HOT TOPICS – 2018-2019
Document Reference: AL-RALO-EURALO-DOC-1906 -01-00-EN
The European Regional At-Large Organization (EURALO) unites European voices of ICANN’s At- Large community, including Internet-related civil society and consumer interest groups, to ensure their views are included in the bottom-up, consensus-based, multistakeholder ICANN policy development process.
The current membership of EURALO includes more than 35 organizations working on Internet-focused issues, including Internet Society (ISOC) chapters and consumer groups across Europe. They are formed into individual At-Large Structures.
EURALO is governed by its own organizing documents, including a Memorandum of Understanding with ICANN.
Playing a key role in ICANN’s regional strategies, EURALO partners with ICANN staff departments to facilitate the development of critical infrastructure for the Domain Name System.
Including the long term relationship with EuroDIG, the European Dialogue in Internet Governance (aka the European IGF) as a EuroDIG Partner.
Including the forthcoming Memorandum of Understanding with Europe’s Regional Internet Registry RIPE.
This report identifies the key ICANN-related policy issues for EURALO and European end users in general, as well as outreach and engagement activities conducted by EURALO members.
POLICY ISSUES FOR EUROPEAN END USERS
1. Registrar Data Retention Waiver Request & WHOIS/RDS Conflict with National Privacy Law / General Data Protection Regulation (GDPR)
o Independent registrars under contract with ICANN manage the WHOIS/RDS data. Required by ICANN’s AoC, registrars need to provide unrestricted, public access to this information.
o When the collection and/or retention of individual registrants’ data is in conflict with national privacy laws, the Data Retention Specification of the 2013 Registrar Accreditation Agreement allows registrars to request a waiver request .
o However, the ICANN process of handling those requests has been problematic. It won’t be triggered until a given registrar is served the legal notice from its national government for breaking the privacy law. This likely incurs unnecessary costs and legal headaches for registrars. In addition, ICANN has been treating those requests on a case by case basis, which is not efficient or preemptive.
Why should European end users care?
o Many European countries have a strong emphasis on data protection and individual privacy in their national laws.
o Often affected by the conflict between the WHOIS/RDS obligations and national laws, European registrars have to request the Data Retention Waiver. Individual registrants eventually need to shoulder the legal charges associated with the waiver requests and potential lawsuits.
o The ALAC is keen on advising ICANN to improve the Registrar Data Retention Waiver Request process and to develop a preemptive solution that minimizes the legal, financial, and operational impact on non-US registrars. EURALO members are taking a lead on drafting an advice statement on behalf of the ALAC on this topic.
● The General Data Protection Regulation (GDPR) affects every company that handles personal information from European Citizens or Residents
● European users - both commercial and non-commercial have the most offer in the ongoing global dialogue on GDPR compliance. EURALO might consider increasing its voice in this debate building upon the European experience in balancing privacy and security. This can be done through both: reaching out to ALSes for their experiences in implementing GDPR and by providing expert advice to European and non-European users on the ideology behind the Regulation as well as its day-to-day implementation in Europe.
o Although there were discussions of the incorporation of ICANN under other legal system, such as Swiss not-for-profit, CCWG-Accountability Work Stream 1 did not make an explicit, jurisdiction-related proposal toward the globalization of ICANN.
o Within Work Stream 2, the primary jurisdiction issue to be investigated is the process for the settlement of disputes within ICANN, involving the choice of jurisdiction and of the applicable laws, but not necessarily the location where ICANN is incorporated.
2.1 Rule of law in the multistakeholder community
This topic builds upon the work done by the CCWG on jurisdiction and attempts to trace the limits of ICANN’s authority with regard to internet resources. ICANN has long been balancing on the fence of national laws, community standards and international law and policy. Following the 2017 “Recommendations on ICANN Jurisdiction” [ https://www.icann.org/news/announcement-2017-11-14-en ] this topic explores further the current limits of ICANN’s remit, linking it closely to such pertinent issues as privacy, data protection and freedom of expression. As per ICANN Bylaws, it is obliged to abide by international law, one that provides clear stipulations on hate speech, preventing transboundary crime and, last but not least, due process. The existing paradigm of ISP liability, with regard to both: infrastructure and content, has long been subject to well justified critique, focused on ill-balance between users and service providers. This topic seeks a more nuanced answer to questions enhancing ICANN's accountability, referring to existing international law standards, in particular those on human rights, due diligence and international liability for transboundary harm.
Why should European end users care?
o The affordability of legal actions both in terms of costs and in terms of understanding of legal system has impact on European end users, especially individual registrants.
o As European registries and registrars have to deal with legal matters, or at least some components of those, within the US legislation, European registrants will eventually shoulder the costs.
o It is to European users’ interests to conduct substantive examination of alternative jurisdictions that would level the playing field.
3. Human Rights
o In accordance with the CCWG-Accountability Work Stream 1 Recommendation 06, ICANN’s Bylaws were amended in 2016 to include ICANN’s commitment to respect Human Rights in order to comply with the NTIA criteria to maintain the openness of the Internet.
o This provision clarifies that no Independent Review Process (IRP) challenges can be made on the grounds of this Bylaw until a Framework of Interpretation on Human Rights (FOI-HR) is developed and approved as part of Work Stream 2 activities.
o A “Human Rights Subgroup” was formed as part of CCWG-Accountability Work Stream 2 to develop the aforementioned Framework of Interpretation, which will activate ICANN’s Human Rights Core Value. Final Board approval for the CCWG-Accountability Recommendations is expected in the first half of 2019.
o In August 2017, independently from the work of CCWG-Accountability Human Rights sub team and before the adoption of the FOI-HR, ICANN published a request for proposal to find a provider to conduct an independent internal Human Rights Impact Assessment (HRIA) of ICANN's organizational operations. The HRIA is scheduled to wrap up before March 2019. Notably, this HRIA will only cover ICANN Org’s operations related to meeting organization, office management, etc.
o Efforts to develop human rights impact assessment models for global DNS policy are ongoing within the Cross-Community Working Party on ICANN and Human Rights ( CCWP-HR ). This could be a useful tool to operationalize the Human Rights Bylaw, as well as a systematic way to assess potential impacts and consider empirical evidence during the policy development process.
Why should European end users care?
o Europe has been a world leader in placing human rights at the center of the framework of principles and obligations that shape relations within the international community (for example, GPDR).
o The Universal Declaration of Human Rights was adopted by the UN General Assembly in Paris in 1948 and René Cassin of France was one of the main drafters. The European Convention on Human Rights (1952) and the Charter of Fundamental Rights of the European Union (2000) are among the highly regarded international human rights law and conventions. To promote, protect, and develop human rights and rule of law has been one of the key agendas of the Council of Europe.
o Within ICANN processes, Europeans have been leading or playing an active role in the CCWG-Accountability Work Stream 2 Human Rights Subgroup , the CCWP-Human Rights , and the GAC Working Group on Human Rights & International Law .
3.1. Balancing privacy and security
4. How ICANN Aims to Defend the Public Interest
o The discussions on the topic of the “ public interest within ICANN’s remit ” and potential definitions of this term have been ongoing for years.
o While ICANN's Bylaws define Core Values that are either meant to 'ascertain the global public interest' or be 'beneficial to the public interest as identified through the bottom-up, multistakeholder policy development process', the notion of 'public interest' is often contested by stakeholder groups and constituencies. ICANN’s Strategy Panel on Public Responsibility attempted to define the global public interest in relation to the Internet, but its report received mixed reviews.
o As the Internet has become a critical part of the global public sphere, and the influence of commercial interests and state powers has been increasing, stakeholders need to work together and form a comprehensive vision on the Internet that addresses the protection of civil liberties, such as free speech and privacy.
o Within the ICANN context, there is a pressing need to devise mechanisms to effectively address the public interest, counterbalancing the commercial pressure.
Why should European end users care?
o The domain name industry is primarily dominated by big commercial players in the North American region. European end users’ interests may be negatively affected when there is a conflict with the commercial interests.
o Many European countries have references in public laws and constitutions that trace the origin, evolution, and adoption of the public interest. Europeans need to contribute their experience and knowledge and help make the protection of public interest a guiding principle for ICANN’s policy development.
o Since its creation, EURALO has advocated for related principles such as Open Access, Free Software, and Creative Commons. Its leaders also drafted the thesis paper on public interest and led the creation of the At-Large Public Interest Working Group .
o One sub-topic of the public interest within ICANN’s remit is the Public Interest Commitments (PICs) , especially pertaining to the Category 1 TLDs defined by the GAC. This has been a core issue for both the At-Large Community and the GAC; Megan Richards from the European Commission has been co-leading an informal community collaborative group on this topic, and EURALO members have actively taken part in this group.
● With the EU proposal for a new Copyright Directive offering a new approach to innovation and protection of intellectual property, EURALO’s input into the ongoing debates on new economic models for copyright and intellectual property is more timely than ever. 
Follow-up Action Item: try to understand and find out how At-Large can tap input from its ALSes - perhaps through public surveys
5. Universal Acceptance including Internationalized Domain Name (IDN) Projects in Cyrillic, Greek, and Latin Scripts etc.
o In light of the rollout of new gTLDs, among which more than 100 are IDN gTLDs, ICANN facilitates the work of Generation Panels (GP), which consist of linguistic and technical experts, to set the Label Generation Rules (LGR) for the Root Zone.
o With regard to the European language scripts, the Cyrillic GP has been seated and started their work, the formation proposal of the Greek GP is pending ICANN’s approval, and the formation proposal of the Latin GP is under development.
o Some EURALO members, who have strong links to their national governments and/or domain name industry representatives, have been involved in these GPs.
● A session has taken place at EuroDIG where the user perspectives have been discussed
● The issue of IDN has been brought up at IGF Paris in the session dedicated to local content as a factor that is affecting the user experience
● The activity so far is focused almost exclusively on the DNS, but there are many issues related to non-ASCII scripts in other domains, like for instance search engines that are not being sufficiently investigated.
Why should European end users care?
o The work of those GPs would make the implementation of IDNs in Cyrillic, Greek, and Latin scripts at the top level a reality.
o Those IDN TLDs would give non-English speaking European users the same rights to access the web in their native tongue, making it easier for them to remember websites and promote local content via service providers likely in their own countries.
o It will likely increase the Internet penetration in emerging economies where English is not the primary language.
● While the technical progress is of the paramount importance, we should not forget that what counts in the end is the improvement of the user experience, and therefore the voice of the users is important.
6. The multistakeholder and multilateral models of Internet Governance (based on the follow-up to President Macron’s speech at the 2018 Internet Governance Forum in Paris)
● End user point of view - affirmation of basic rights & the rule of law
● The Internet is not a bipolar system
● The rule of law (or its absence)
If President Macron’s speech gave rise to some concerns, these were heard mainly on the side of large corporations, say in the USA, who reacted to the use of the R word, largely banished from their vocabulary. For some, Regulation is the beginning of Communism. From the standpoint of the global Internet user, I would point out the following features:
- Threats to the Internet and its users:
- Structural: the single, unique Internet is under the risk of breaking up into national segments or continental ‘’plates’'
- Cybercrime is a direct threat to physical security of the Internet, and to the continued availability of public services.
- The global Internet now needs ‘’decisive, but lucid action’’ in order to preserve or protect
- Ideals, values
- Net neutrality
- It is a falsehood to describe net neutrality as leading to the end of free thought. One must distinguish between neutrality and universality.
- In light of the above, it is time for us all to ‘’build a new space'', with
- ‘’an open and safe Internet’'
- With adequate respect for ideals and values
- In order to preserve the Internet and global users against these dangers, it has become necessary to set up some degree or regulation:
- Because governments espouse different values: some democratic, others far less so
- France was the first signatory of the ‘’Contract to Save the Internet’’ initiated by Tim Berners-Lee, with a view to protecting democracy
- It has become necessary to reach beyond the misleading alternative of ‘’complete self-regulation, or deregulation’’, and ‘’a segmented Internet controlled by authoritarian states’'
- Therefore, E. Macron is calling for a ‘’cooperative regulation’’, in the spirit of the growing movement towards sharing commons
- France, following Switzerland, will contribute to the implementation of such a ‘’cooperative regulatory’’ movement, as of 2019, on 3 main issues:
1) Protect private data (enhance protection through some regulatory mechanism), along the EU model
2) Ensure and enhance trust, stability and security in cyberspace; France supports the ‘’Paris Appeal for Trust and Security in Cyberspace’'
3) Preserve potential for creativity, invention and economic development
- In mid-2019, France will invite to Paris an international ‘’scientific council'’ on AI
- Conclusion, a quote from the late Kofi Annan: ‘’To cope with Internet in our lives, we need to be at least as creative as those who invented it.’’
 In line with the General Data Protection Regulation (GDPR), at the EU level it could be useful to monitor also other pieces of legislation currently under reform, such as the ePrivacy Directive - Regulation proposal. The ePrivacy Directive builds on the EU telecoms and data protection frameworks to ensure that all communications over public networks maintain respect for fundamental rights, in particular a high level of data protection and of privacy, regardless of the technology used. More info https://ec.europa.eu/digital-single-market/en/online-privacy