ICANN Blog

Sharing is caring!

ICANN Blog ICANN Blog

  • Data Protection/Privacy Update: Seeking Community Feedback on Proposed Unified Access Model
    on June 18, 2018 at 7:00 am

    Today we’re sharing for discussion the draft Framework Elements for a Unified Access Model for Continued Access to Full WHOIS Data [PDF, 93 KB]. At a high-level, it provides a process for how third parties may access non-public WHOIS data. I also want to take this opportunity to thank the ICANN community for their hard work and valuable inputs that led us to the adoption of the Temporary Specification for gTLD Registration Data (Temp Spec). The European Data Protection Board (EDPB) also recognized these community efforts and said it “expects ICANN to develop and implement a WHOIS model which will enable legitimate uses by relevant stakeholders, such as law enforcement, of personal data concerning registrants in compliance with the GDPR, without leading to an unlimited publication of those data.” Just as we all worked together to agree on tiered/layered access, which is a major change to the WHOIS services, your contributions here will help us shape this model. The EDPB also said that it “may engage further with ICANN to ensure that the legal requirements under EU data protection law are properly addressed.” We note the importance of community collaboration as we seek this legal certainty. The ICANN Board of Directors, in the Temp Spec, encouraged continued community work “to develop an accreditation and access model that complies with GDPR.” To further these community discussions, we have also published a chart [PDF, 90 KB] comparing our draft framework elements against those of two models proposed by ICANN community members. The framework lays out a series of central questions to help frame discussions about how such a model may work, including how and which users with a legitimate purpose, as defined by the law, can gain access to non-public registration data. It builds on the “Calzone Model” (Attachment 2), the Temp Spec, and also incorporates ideas from community members and relevant data protection authorities. This proposed unified access model would provide transparency, uniformity, and most importantly foster discussions that may increase legal certainty and simplify the process for all parties. Because access to non-public registration data is a public policy concern, and public policy is in the purview of governments, ICANN org’s proposal is to start by engaging with governments in the European Economic Area, which are also members of the Governmental Advisory Committee (GAC). Some of the questions to be discussed with governments include how law enforcement, individual users and other private third parties would be authenticated to access non-public registration data. There remain open questions on this and other issues for which we welcome your input. For example, the scope of data an eligible user group would have access to may be limited to only the fields a user requires, or the full WHOIS record for a particular query. In addition to sharing this framework with the community, we intend to discuss it with the EDPB to ensure the model is compliant with the European Union’s General Data Protection Regulation (GDPR). The community has also raised questions about this draft model and other related activities. I want to note that developing a unified access model has been part of our conversations regarding the GDPR from the start, including an approach outlined in both the Calzone and the Cookbook. Part of ICANN org’s role is to facilitate discussions with the data protection authorities (DPAs) to confirm, where possible, that the community’s consensus policy is compliant with the GDPR. ICANN continues to maintain a high level of transparency relating to our role. Our community conversations on these issues will help guide our discussions with the DPAs and we will continue to document these discussions. I encourage you to review the proposed unified access model and participate in community discussions on this topic, including at ICANN62, where there will be several sessions related to the GDPR and the Temp Spec.  In addition, you can provide your feedback via email to gdpr@icann.org. Be sure to visit our Data Protection/Privacy page for regular updates and an overview of our activities in this area. […]

  • Chair's Blog: A Preview of the Panama Board Workshop
    on June 15, 2018 at 7:00 am

    We are less than two weeks away from ICANN62 in Panama City, Panama. That means the Board is once again getting ready for another workshop, which will be held from 22-24 June, right before the meeting. If you’ll recall, we reorganized our last workshop in Vancouver to allow for more time to discuss the European Union’s General Data Protection Regulation (GDPR) and the proposed Temporary Specification for gTLD Registration Data, so this upcoming workshop will give us an opportunity to reconvene on some of the issues we set aside when we last met. We’ll be holding quite a few public sessions, as well as a public Board meeting. You can find out how to dial-in to these listen-only sessions here. On Friday, 22 June, the first day of the workshop, we’re going to start off with a dialogue with Göran Marby, ICANN President and CEO, and then jump into a discussion about the current status of GDPR. This will include an update on progress made in resolving the outstanding items outlined in the Appendix of the Temporary Specification. After lunch, Akinori Maemura will be leading a public session on recommendations for implementation of Internationalized Domain Name variant top-level domains. Following that session, Ram Mohan and Kaveh Ranjbar, along with David Conrad, will be providing an update on potential strategies to increase the resilience of the L-root. Avri Doria will then be leading a session on the status of the new generic TLD (gTLD) subsequent procedures policy work in the GNSO. As the gTLD Policy Development Process is getting close to making a recommendation about the possible launch of another round of new gTLD applications, it’s important that the Board discuss and start considering what its input might be. Afterwards, Becky Burr will spearhead a session on the status of work on the new Independent Review Process system, followed by a session on the Board’s communications strategy, which will be led by Lousewies Van der Laan. Saturday, 23 June, is packed with public sessions, so I highly encourage you to review the schedule and see which ones you might be interested in listening to. We will start the day with a public Board meeting, and then Avri and the Policy Development team will be briefing the Board on some of the hot topics that will be discussed during ICANN62 to ensure we are prepared. Maarten Botterman will then lead the second public session of the day, which will be an update on the status of deliverables related to the Board’s FY18 priorities, such as replenishing the ICANN org’s Reserve Fund and measuring the community’s satisfaction with the Board. The third public session of the day will be led by Khaled Koubaa and will be an update on the long and short-term options for streamlining the various ICANN reviews, a topic which is currently out for public comment. Following this, Maarten will hold a session on identifying our FY19 priorities. Becky Burr will then be joining him to host a session to discuss the Board’s inputs into the new gTLD auction proceeds work. During the final public session of the day, led by Matthew Shears, the Board Working Group on Internet Governance will be briefing the full Board about the upcoming potential policy issues that may have an impact on ICANN. The day will end with our feedback session, where we discuss how the workshop went and look for ways to improve upon the efficiency and effectiveness during the next iteration. The last day of the workshop, Sunday, 24 June, will be dedicated to strategic planning, as well as a roundtable with the chairs of ICANN’s Supporting Organizations and Advisory Committees, which Göran, Chris Disspain, and I plan to attend. Given the wide range of issues that we’ll be addressing during the workshop, I expect that this will be an intense and productive three days. I look forward to having you join us for our public sessions, as well as seeing many of you during the meeting. […]

  • Engagement Efforts with Local Stakeholders in Moscow
    on June 12, 2018 at 7:00 am

    Göran Marby, President and CEO, ICANN, was in Moscow, Russia, from 22-24 May for a series of meetings with the Russian Internet community. He was joined by David Conrad, Chief Technology Officer, and Tarek Kamel, Senior Vice President for Government and IGO Engagement, and myself. This was the ICANN organization's first high-level visit in over five years. It was also Göran's first visit to Moscow and Eastern Europe and Central Asia region as a whole, as ICANN President and CEO. The delegation learned firsthand about the community's priorities and discussed how to foster local participation in ICANN. During the trip, the delegation met with the local Domain Name System (DNS) community. A working meeting was organized with the Coordination Center for National Domains, .RU/.РФ, Russian ccTLD registry, which runs .RU, the ninth TLD and the fifth ccTLD by the zone size, and .РФ - the biggest IDN. We had a rewarding Q&A session with members of the local ccTLD and gTLD DNS market and security firms partnering with the ccTLD. Both were hosted by the Russian Association of Electronic Communications (RAEC), a digital business association that brings together over 150 local market players. Throughout the meetings, Göran emphasized that engagement with diverse communities is an essential part of the global ICANN strategy. Cyrillic is one of the most popular non-Latin scripts on the internet, and local internationalized ccTLD (.РФ) and gTLDs (e.g. .москва, .рус, .дети) are successful. He added that "Russia plays an important role in the digital world, and we would welcome more engagement from the Russian Internet community and more expertise from this country in the global ICANN ecosystem." David also participated in the St. Petersburg International Economic Forum, presented a lecture at the Higher School of Economics on the ICANN technical mission and spoke at Yandex's conference about the root server system and its evolution (see the recording from 1:28 here). We held meetings with the Russian Ministry of Digital Development, Telecom and Mass Communications, a member of ICANN's Governmental Advisory Committee (GAC) and the President's Executive Office representatives overseeing the digital agenda. In both meetings, we had an open exchange of ideas. ICANN confirmed its commitment to the security and stability of the global DNS. During the trip, the Coordination Center for national domains .RU/.РФ, one of our long-standing and most active partners for ICANN engagement in the region, confirmed that it will host the third Eastern European DNS Forum (EEDNSF) in Moscow at the end of 2018. Previously held in Ukraine and Belarus, the EENDSF aims to bring together the local DNS community in the region and we are happy to see Russia take over the baton and invite the community to join us there. The many dialogues we held have provided a good basis for further cooperation with various stakeholders in Russia, including the DNS industry and cybersecurity organizations on DNS abuse prevention and mitigation, as well as further communication, capacity building and mutual data exchange. At the same time, this visit to the region is part of our outreach to drive increased participation in ICANN through better understanding of its interests and priorities. Our collective success demands deeper engagement and innovation as we set the regional agenda for the coming years in Eastern Europe and Central Asia. […]

  • Fourth Annual 2018 GDD Industry Summit Recap
    on June 12, 2018 at 7:00 am

    During the third week of May, the Global Domains Division (GDD) of the ICANN organization held its fourth annual Industry Summit in Richmond, British Columbia, Canada. This year's Summit comprised of 410 attendees from over 32 countries, with dozens more participating remotely. The Summit was followed with the Registration Operation Workshop (ROW), an informal industry get-together sponsored by ICANN and Verisign. The primary purpose of the Summit is to provide a forum for ICANN's contracted parties to discuss issues of mutual interest and importance, share best practices, and meet one-on-one with members of the ICANN org. Several ICANN executives, including Göran Marby, ICANN President and CEO, and Akram Atallah, President of GDD, as well as a few ICANN Board members, attended this year's event and actively engaged with participants. The two and one-half day event was kicked off with the broadcast of the community webinar to discuss the proposed temporary specification for registration data that was under consideration by the ICANN Board at the time. Sessions then began in three topical tracks. This year many sessions were led by community members, with ICANN org staff taking a less active role in the presentation of content. Unsurprisingly, the most active topic was the European Union's General Data Protection Regulation (GDPR), and its pending 25 May 2018 enforcement date. Many of the sessions had a GDPR focus, including both the operational and technical aspects of implementing the Temporary Specification. The technical track sessions proved to be very popular, with participants actively proposing and discussing ideas. Many of the discussions featured small breakout groups to analyze particular issues and bring back the outcome to the broader audience. During the Contractual Compliance sessions, registrar and registry participants discussed with members of ICANN org's Contractual Compliance team the approach to be taken while contracted parties work on implementing the temporary specification. There were several sessions dedicated to .BRANDs and how to market TLDs. Case studies of success and failure were shared along with marketing ideas specific to premium names. The event ended with a wrap-up session facilitated by the chairs of the gTLD Registries and Registrar Stakeholder Groups, which included open comments and questions between audience members and senior GDD staff. We have published the results of the participant survey intended to help us continue to improve future GDD Industry Summits. The survey results and comments during the wrap-up session indicate that the multi-track format was a positive improvement. We've already received requests for a tech-ops track at the next Summit and potentially around ICANN tri-annual meetings as well. I'm very pleased with how the Summit has evolved into a major event that complements the tri-annual ICANN meetings. Community input has contributed to pre-determining that the 2019 location will be in the Asia-Pacific region with 2020 returning to Europe. The 2019 GDD Summit will be co-locating with the following events; Registration Operations Workshop (ROW), ICANN DNS Symposium, and DNS OARC. An event of this size and magnitude requires early planning and a significant amount of coordination. I'd like to extend my sincere thanks to everyone who made this Summit possible. A special thanks to the Registries and Registrar Stakeholder Groups' planning committee and other participants from the community who helped in planning and moderating several sessions and the ICANN meetings and IT support teams, whose many contributions and team-oriented spirit make it all possible. If you're interested in learning more about the GDD Industry Summit, please see the posted agenda or listen to the Adobe recordings of the sessions at https://www.icann.org/gddsummit. […]

  • Data Protection/Privacy Update: ICANN’s GDPR Efforts with Temporary Specification Now in Effect
    on June 5, 2018 at 7:00 am

    With the recently adopted Temporary Specification for gTLD Registration Data now in effect, I wanted to take this opportunity to update you on what the ICANN organization is doing internally to comply with the European Union's General Data Protection Regulation (GDPR). I also wanted to share some new information about our ongoing dialogue with the Article 29 Working Party (WP29), which has now become the European Data Protection Board (EDPB). With regard to our internal compliance efforts within the ICANN org, we have updated several of our policies, including the following policies that cover both the ICANN org and Public Technical Identifiers (PTI): An updated online Privacy Policy A revised Terms of Service A revised Cookies Policy A new Notice of Applicant Privacy (relating to data processed for employment applications) A revised New gTLD Program Personal Data Privacy Statement Links to the new online Privacy Policy, Terms of Service, and Cookies Policy have been placed on ICANN supported websites, including icann.org, as well as community-facing sites, such as the Community Wiki, atlarge.icann.org, gac.icann.org, and whois.icann.org, to name a few. Pop-up notifications, banners, and hard-coded text have been deployed on most of these sites to notify users of these recent changes. You can find all of these policies here. Over the next few weeks, acknowledgment or consent language regarding our data processing practices and Terms of Service is being placed on every fillable and downloadable form available across all ICANN org supported websites. We've also rolled out internal changes to the way we handle personal data, from data processing arrangements with vendors to our various personnel policies. As for our external activities, we recently published a letter from the European Commission's (EC) Directors Generals (Roberto Viola, DG Communications Networks, Content & Technology; Paraskevi Michou, DG Migration and Home Affairs; and Tiina Astola, DG Justice and Consumers) about our efforts related to the WHOIS services. We are pleased with the positive feedback they've provided regarding the Temporary Specification. In my response, I reiterated our appreciation of the Commission's ongoing facilitating role, and outlined the next steps now that the Temporary Specification has been adopted. We also appreciate the 27 May 2018 communication from the European Data Protection Board and its recognition of the work ICANN has undertaken with its stakeholders and contracted parties on GDPR as it applies to the WHOIS services. We look forward to continuing our dialogue with the community and the relevant European data protection authorities, including the European Data Protection Board, as we seek further clarification on the law and work to develop a unified access model for providing continued access to full WHOIS data. This includes identifying opportunities for ICANN, beyond its role as one of the "controllers" with respect to WHOIS or its contractual enforcement role, to be acknowledged under the law as the coordinating authority of the WHOIS system. We will continue to keep the ICANN community updated on these discussions as they occur. As the ICANN Board is required to reaffirm the Temporary Specification 90 days after its adoption, we encourage ongoing community discussions and welcome your feedback at gdpr@icann.org. An announcement related to our recent legal activities related to the GDPR is published here. Be sure to visit our Data Protection/Privacy page for regular updates and an overview of our activities in this area. […]

(Visited 3 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *