ICANN Blog

Sharing is caring!

ICANN Blog ICANN Blog

  • Data Protection and Privacy Update: Seeking Community Feedback on Proposed Compliance Models
    on January 12, 2018 at 8:00 am

    Happy new year to you all. We have kicked off 2018 by continuing our work on data protection and privacy issues. In particular, we are preparing for the 25 May 2018 enforcement date for the European Union's General Data Protection Regulation (GDPR). As I've previously written, we are working to ensure compliance with this law while maintaining access to WHOIS to the greatest extent possible. Our work in this area began when we asked the community for user cases and created a matrix of these different use cases about the personal data that gTLD registries and registrars collect, transmit or publish pursuant to ICANN agreements or policies. In the absence of a WHOIS policy, the user stories are essential for describing the many different uses of the WHOIS system. The matrix informed discussions about whether there were potential compliance issues under ICANN's agreements with registries and registrars because of the new law, and aided in our engagement with data protection authorities. On 2 November 2017, we published a Statement from Contractual Compliance, which indicated ICANN org would defer taking compliance action against any registry or registrar for noncompliance with contractual obligations related to the handling of registration data. To be eligible for this deferral, we asked ICANN's contracted parties and stakeholders to follow this process to submit proposed interim models for compliance. We've published those community-proposed models here. In parallel, we engaged the European law firm Hamilton to provide its legal analysis of these issues. The three-part assessment found in its first memo [PDF, 253 KB] that the WHOIS service in its current form must change. In the second part [PDF, 577 KB], Hamilton answered community questions about the law's applicability and scope. In its third analysis [PDF, 440 KB], Hamilton described how processing data within the scope of WHOIS could be changed to become compliant with the GDPR. We asked for your feedback on these analyses and published your input here. In December, I wrote that we were working to develop interim models for collecting registration data and implementing registration directory services that may be compliant with both the law and ICANN's contractual agreements. To be clear, these proposed models are meant to facilitate discussion and a final model decided on to be an interim solution. They do not replace any existing ICANN policy development work or policies. Today we published [PDF, 624 KB] for community input those three proposed discussion models for collecting registration data and implementing registration directory services. These models reflect discussions from across the community and with data protection authorities, legal analyses and the proposed models we have received to date. Please provide your input on these models. The input from the community will contribute to assessing the viability of each of the models. From that input either variations or modifications to one of these models will be identified at the end of January for the path forward. To help inform this, please provide your feedback by 29 January 2018. Please send your feedback to gdpr@icann.org. The three models are summarized at a high-level below. The models differ based on what contact information is displayed in the public-facing WHOIS, their applicability, the duration of data retention and what data is not displayed in a public-facing WHOIS: Model 1 would allow for the display of Thick registration data, with the exception of the registrant's phone number and email address, and the name and postal address of the technical and administrative contacts. To gain access to these non-public data points, third parties would be required to self-certify their legitimate interests for accessing the data. This model applies if the registrant is a natural person, and the registrant, registry, registrar and/or the data processor is in the European Economic Area. Model 2 would allow for the display of Thin registration data, as well as the technical and administrative contacts' email addresses. To access the non-public information registries and registrars would be required to provide access only for a defined set of third-party requestors certified under a formal accreditation/certification program. There are two variations on how this model would apply. Model 2A applies to registrants who are both natural and legal persons, where the registrant, registry, registrar and/or the data processor is in the European Economic Area. Model 2B would apply to registrants who are both natural and legal persons, where the registrant, registry, registrar and/or the data processor is regardless of location, that is on a global basis. Model 3 would allow for the display of Thin registration data and any other non-personal registration data. To access non-public information, a requestor would provide a subpoena or other order from a court or other judicial tribunal of competent jurisdiction. This model would apply to all registrations on a global basis. Please click here to see the models [PDF, 624 KB]. We will share these models as we continue our engagement work, including with the Article 29 Working Party. As always, we'll continue to keep the community apprised of the various discussions we have. We've also received a range of correspondence relating to the GDPR. We urge you to visit our data protection/privacy page to view the latest correspondence, proposed models from the community, and other materials relevant to this discussion. Happy 2018 and we look forward to all the work with the community over the coming year. […]

  • Data Protection and Privacy Update – Plans for the New Year
    on December 21, 2017 at 8:00 am

    As 2017 comes to an end, it's a good time to assess where we are and where we are going with our work to address potential compliance issues with ICANN agreements with generic top-level domain (gTLD) registries and registrars in light of the European Union's General Data Protection Regulation (GDPR). A Look Back at 2017 We started out by working with an ad hoc group of community volunteers to help us create and populate a matrix of user stories of the personal data that gTLD registries and registrars collect, transmit, or publish pursuant to ICANN agreements or policies. The purpose for collecting this information was to inform discussions about whether there are potential compliance issues under ICANN agreements with registries and registrars because of the new law, and to engage with data protection authorities. We continued this work by facilitating discussions within the multistakeholder community during ICANN Public Meetings, blogs, and webinars. Also, we engaged the European law firm Hamilton to provide legal analysis on these issues. This analysis, developed in parts, aims to serve as building blocks for community discussions about how to approach GDPR issues in the domain name space. Ultimately, this data will help us outline a legal framework on which to build possible models for compliance with both the GDPR and ICANN's contracts with gTLD registries and registrars. Part 1 [PDF, 252 KB], published on 16 October 2017, described the potential issues that could arise in relation to the WHOIS service in its current form as a result of the GDPR. Part 2 [PDF, 577 KB], published on 15 December 2017, addressed questions that the ICANN community has raised with a goal of providing a better general understanding of the effects of the GDPR on the domain name space. Part 3 [PDF, 440 KB], published today, elaborates on how the processing of data within the scope of WHOIS could possibly be changed to become compliant with the GDPR. This analysis lays out a legal framework to guide our approach to begin building potential compliance models with the community's input. Charting a Path for the New Year As we look to the new year, we are mindful that the May 2018 GDPR enforcement date is fast approaching. It's important to plot out where we're going so that we start the year with the energy and direction that we'll need to get us to our goal. We've made it a high priority to find a path forward to ensure compliance with the GDPR while maintaining WHOIS to the greatest extent possible. Now, it is time to identify potential models that address both GDPR and ICANN compliance obligations. We'll need to move quickly, while taking measured steps to develop proposed compliance models. Based on the analysis from Hamilton, it appears likely that we will need to incorporate the advice about using a layered access model as a way forward. Before 15 January 2018, we want to publish for Public Comment proposed compliance models. As a first step, we'd like to hear your feedback and suggestions about the layered access approach described in Part 3 of the Hamilton legal analysis. To help us meet this deadline, please submit your feedback before 10 January 2018. As we look to settle on a compliance model by the end of January, the community's continued participation and input will be instrumental in ensuring that we've appropriately shaped the model. Email your comments and suggestions to gdpr@icann.org. To be clear, your feedback about the layered access approach outlined in the Hamilton memo is not intended to replace the ongoing process we published about how to submit a proposed compliance model in response to the 2 November 2017 Statement from Contractual Compliance. We have received one suggested model and know that many of you have been working to finalize your proposals. Your models will help us shape our proposal and we will continue to publish your submissions on our webpage as we receive them. We look forward to continuing our engagement with the ICANN community in 2018 as we work together on this important issue. As before, we will continue to provide updates via blogs, webinars, and documents on our Data Protection/Privacy Issues webpage. […]

  • Do You Have a Domain Name? Here's What You Need to Know.
    on December 19, 2017 at 8:00 am

    Part III – Having Issues Transferring Your Domain Name? One of the primary purposes of ICANN's Transfer Policy is to provide you with the option to freely move your domain name from one registrar to another. In our last blog, we explained how to do this. If you still have problems making a transfer, here is some information on why you might be encountering issues and some additional information on what you might be able to do about it. The first thing you should know is that there are a few instances when your registrar cannot transfer your domain name, such as if it is the subject of an ongoing Uniform Domain Name Dispute Resolution Policy (UDRP), Transfer Dispute Resolution Policy (TDRP) or Uniform Rapid Suspension (URS) proceeding. Your registrar also cannot transfer your domain name if it is subject to a court order. Additionally, as we explained in the last blog, your domain name cannot be transferred if it is subject to a 60-Day Change of Registrant lock. There might be other reasons your registrar is denying your transfer request. This will depend on the terms and conditions of your registration agreement with the registrar. For example, there is evidence of fraud, your name is not listed as the registrant of record, or if you have an outstanding payment for a previous registration period. Non-payment for a pending or future registration period however is not grounds for denial of transfer. It is important that you understand the terms and conditions in your registration agreement so that you know what to expect if you decide to make a transfer. What to Do? There are some common issues you might run into when transferring a domain name. You can't transfer the domain name because it is in a 60-day Change of Registrant lock. This rule is in place to prevent unauthorized changes to your contact info for the purposes of making unauthorized transfers, which could result in making the domain name un-recoverable. If you want to opt out of this protection, you can make the request to your registrar prior to making changes to your contact information. You cannot transfer the domain name because your request falls within 60 days of the initial registration or a previous transfer. This rule is put in place for your protection. Some registrars however may choose to grant exceptions to this rule so you can contact your registrar directly to ask if they'll allow you to initiate a transfer during this period. You cannot transfer the domain name because it is in 'Registrar Lock' or 'Client Transfer Prohibited' status (sometimes used to protect against unauthorized transfers). You can change these statuses by contacting your registrar. Some registrars may provide you with the option to change these statuses yourself via your control panel. In either case, the registrar must provide you with the AuthInfo code needed to change the status within five calendar days of your request. You should know that you can always contact your registrar directly for assistance with transferring, even if you registered your domain name through a reseller or another service provider. ICANN is not a registrar and does not transfer domain names. If you do not know who your registrar is you can search here to find out. If after you've contacted the registrar and you are still not successful in your attempt to transfer your domain name, you can submit a formal Transfer Complaint with ICANN. Click here to read 5 things Every Domain Name Registrant Should Know About ICANN's Transfer Policy FAQs: Transferring Your Domain Name More Information on Domain Name Transfers More Information on Transfer Complaints [PDF, 124 KB] More Information about Domain Name status codes, such as 'Registrar Lock' or 'Client Transfer Prohibited' Learn more about ICANN's Transfer Policy (Effective as of 1 December 2016). The 'Do You Have a Domain Name? Here's What You Need to Know' educational series is part of ICANN's broader efforts to help you better understand the ICANN policies that affect you, your role in the Domain Name System (DNS), and the role of the ICANN organization, registries, and registrars in the DNS ecosystem. […]

  • Chairman's Blog: Year End & Well Wishes
    on December 18, 2017 at 8:00 am

    I am writing to you from the 12th annual meeting of the Internet Governance Forum (IGF), in Geneva, Switzerland, where I am here with some of my Board colleagues and members of the ICANN community engaging with the broader Internet governance community. Thematic issues that can impact our technical mandate are being discussed here. These issues include privacy and data protection, jurisdiction, intellectual property, cyber security and many more. We are represented in those discussions, so that our points of view are considered as policies, legislations and priorities are formed around the world. If you are at the IGF, please join us for an ICANN Open Forum session; you can find more details about our participation here. In this blog, I want to provide you with an update on some outstanding items and our final Board meeting of the year as December wraps up. ICANN Reserve Fund As you may recall from my blog on the Board's Priorities for the year, the Board is concerned about the depletion in the ICANN Reserve Fund. We recently concluded a public comment period on an updated rationale and target level for the Reserve Fund. While we await the final staff summary report (which should be published shortly), it looks like there is a general consensus from the community that the Reserve Fund should have a target level of a minimum of 12 months of operating expenses. Based on the expected findings of that report, we anticipate discussing a resolution to this end at our next board workshop in early February 2018. Now that the public comment period has closed, we have begun discussion and debate inside ICANN org and the Board on the options available for replenishing the Reserve Fund. As of the end of September 2017, the Reserve Fund was at the five-month level. We are therefore facing a shortfall of approximately seven months, equivalent to $80 million U.S. dollars (USD), based on our current budget. We plan to release another paper for public comments early next year to solicit community input on how best to replenish the Reserve Fund. Pressures on the FY19 Budget Over the past years ICANN's funding has consistently increased, which has enabled ICANN org to respond flexibly to requests to fund projects that are proposed outside the normal budgeting cycle. This flexibility is unlikely to continue, as funding is appearing to stabilize for the foreseeable future at the FY17 level of approximately $135 million USD per fiscal year. For your information, the FY18 funding budget is $143 million USD. This projected funding level will necessitate making trade-off decisions when developing the FY19 Budget. Furthermore, it will be challenging during the next fiscal year to undertake new projects that have not been planned for in the FY19 Budget, unless and until ICANN org has concluded that available contingency funds can responsibly be allocated for that purpose or has identified corresponding budget savings to offset unplanned spending. Göran expands on this issue in his blog. We must also look beyond the FY19 Budget. The community, the Board and ICANN org must soon begin discussions about longer-term goals and strategic planning. Board Resolutions from 13 December Meeting We held our final Board meeting of 2017 last week, and had a productive session. We passed four resolutions, including appointing Kim Davies to the role of PTI President, and appointing the Board directors to PTI. Congratulations to all on their new positions. We also approved the at-risk component of Göran Marby's compensation for the first six months of FY18, and agreed with Göran on his goals for the second half of FY18. Read the resolutions in greater detail here. Progress of Board Member Integrity Screening On 1 November, I posted a blog discussing the issue of Board member integrity screening and outlining the steps we were taking. We requested that four directors and three liaisons be screened, and I am pleased to say all seven screenings have just been completed and are now in the regular process of being reviewed. With all that being said, on behalf of the Board I wish everyone a happy and healthy year ahead. I hope you have a peaceful holiday season and look forward to 2018. […]

  • President's Corner: Finances & Planning for the Next Two Years
    on December 18, 2017 at 8:00 am

    One of my personal priorities for my role in ICANN is continuing to improve ICANN org's efforts to be transparent, accountable and accessible. In this spirit, I am sharing something the Executive Team and I have been spending a lot of time lately, and an area of great focus for us in the coming year. By now I hope you have also read the blog by Cherine on this topic. As I mentioned in the recent Quarterly Stakeholder Call, we saw slower funding in the first quarter of FY18 by $1m versus our approved budget, with lower domain name registrations than planned. So, we believe the FY18 funding could remain flat compared to FY17's funding, instead of the growth budgeted in FY18. We need to make some changes to address that. And, at the same time, we are currently planning for the next two years out – FY19 and FY20. We are also forecasting lower funding for FY19 compared to the approved FY18 budget. As Cherine mentioned, there is also a discussion going on about the Reserve Fund, and we need to factor that into our planning. As a non-profit it is important that we stay within our budget. That takes some work but I feel confident the ICANN community will support us in this effort. The reality is, ICANN has a significant budget but not an infinite budget. We need to make some changes, and can't do everything we are asked. You as the ICANN community will feel the impact of some of those changes. We have already begun addressing this by focusing on finding efficiencies where possible. For example, when someone leaves ICANN org, we are taking a close look at the vacancy, the team's needs and other people's availability and skills before deciding if we are going to fill the role. We are also looking at our staff travel practices for ICANN meetings and other ICANN org commitments, reviewing our language services support levels and offering, and trying to consolidate our collateral and the volume of reports. We are looking at what projects we could delay or stop, and reviewing things with a fresh set of eyes – just because we've always done something a certain way, doesn't mean that's the right choice now. These are just a few examples. We are examining a lot of our internal policies and spending levels, and looking closely at how we do things to make sure we do the right thing, in the most efficient way. It is important that we govern our work to our means. I wanted to share this with you now, to let you know you will occasionally be seeing some changes in how we operate. Some will be bigger than others, and for the ones that impact you, you will be asked to participate in public comment periods, discussions around priorities and strategic planning, and sessions with ICANN org to help us understand what is most important to you. There will be a budget out for public comment mid-January 2018 and I hope you will review and participate actively. Of course, you are in charge of the final version of the budget. I look forward to the result of your input. […]

(Visited 2 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *