11 July 2018

ICANN’s Whois proposal fails to impress European data regulators

ICANN’s interim proposal for making the Whois system compliant with the new General Data Protection Regulation (GDPR) in the EU has failed to impress European data regulators.

The European Data Protection Board (EDPB), which is an independent European body, published its letter to ICANN on Thursday, July 6.

Under the Whois system, domain name registries and registrars must provide public access to information on registrants, including their names and addresses.

ICANN approved a temporary solution for storing registration data in May, a week before the GDPR came into force, to comply with the new regulation. During the same month, it wrote to the EDPB to seek clarification on its obligations under the GDPR.

Personal data processed through Whois can be made available to third parties with “a legitimate interest in having access to the data”, the EDPB’s response said, but registrants should not be required to provide personal data identifying third parties to fulfil the “administrative or technical functions on behalf of the registrant”.

The EDPB also said it is for ICANN to determine and justify the appropriate data retention period.

However, it added that ICANN has yet to demonstrate why each of the personal data elements processed in the context of Whois “must in fact be retained for a period of two years beyond the life of the domain name registration”.

It requested that ICANN re-evaluate its proposed retention period of Whois data.

In its letter, the EDPB said ICANN must take further steps to become compliant with the GDPR.

ICANN first proposed interim changes to the Whois system in February this year, but in April, the Article 29 Data Protection Working Party (WP29) said the changes did not go far enough.

WP29 was an advisory group made up of a representative from the data protection authority of each EU member state. It has been succeeded by the EDPB.

Meanwhile, ICANN is embroiled in a legal battle with domain name registrar EPAG in Germany. ICANN requires full Whois data to be collected, and ordered registrars to continue collecting administrative and technical data after the GDPR came into effect in May.

But EPAG said it would delete the contact information for new domain name registrations following the introduction of the new regulation.

ICANN asked the Regional Court in Bonn to issue an injunction in order to ensure the data is made available, but the court refused. ICANN has appealed against the decision.

This story was first published on TBO.
