The conversation that is dominating policy-making and discourse during the ICANN 61 meeting in San Juan Puerto Rico is a continuing complex conflict happening among ICANN data protection contracts. Requirements for ICANN, when it comes to registrars are that they must provide a public directory service which is called a Whois database. This allows anyone across the world instant access to personal data about all the main registrants when they type it in the domain itself. What has happened is that ICANN has continued to look past and ignore warnings regarding the illegal issues around the topic for over 20 years. Now, reforms are getting into place through the information of Europe General data protection regulation that started in May.
With GDPR coming into force, this was considered the last large public meeting. ICANN has a significant chance which could be considered its last in the attempt to merge the community together and create a path heading towards compliance. Now with several days in Puerto Rico it’s been reported that ICANN.org could miss this great opportunity. It’s noted that many of ICANN staff and the board along with particular stakeholder constituencies are just not prepared to take on changes that are required to meet the GDPR changes and compliance. The denial starts with the stakeholders who drive ICANN decision-making when it comes to who is reform. Their goal seems to be to hold onto the old WHOIS database while using GDPR complaints. They are light on unrealistic rationalizations and procedural loopholes in considering legal risk and compliance which keeps them doing the same thing as before. Fines and lawsuits will definitely hit the ICANN community.
This blog thesis is to give them what they ask for. It should be a certain reality that preparation for litigation is, in fact, the possibility. Documentation should be done carefully and calmly to show how ICANN fails reforms, doesn’t meet and misses all general GDPR tests. It should also be noted that ICANN contracting parties face risk of being sued as well. That said, all litigants will be cheered on with support as they are given help regarding funding until ICANN ceases the game playing and decides to make simple reforms that are needed regarding basic data protection.
There are several things, but the main one is when ICANN released a proposal on March 8th regarding an interim model for GDPR compliance
. It clearly shows in attachment 3, on page 56, there is a drastic reduction to data that Whois will display publicly. Before the celebrations begin, it’s imperative one see and read the attachment appearing on page 58. It reveals that ICANN is attempting to escape the serious data protection laws by using a “tiered” access. This basically means that the data, most of it, won’t be available to those who make queries on a domain, but it can be found by certain accredited parties.