ICANN Still Wrestling With Whois Issues

and registrars to continue to comply with existing ICANN contract requirements for handling personal data while also complying with the GDPR. It also launched an expedited policy development process (EPDP) to decide (Phase 1) whether to confirm the specification and then (Phase 2) to discuss whether to create a standardized access model to nonpublic registration data (SSAD). The Generic Names Supporting Organization (GNSO) Council approved a final report for Phase 2 in September 2020, but in response to a request by some EPDP members it also launched a Phase 2A to look into two additional subjects: (1) Differentiation of legal vs. natural persons' registration data. (2) The feasibility of unique contacts to have a uniform anonymized email address. ICANN now is seeking comments on the Phase 2 draft final report. The lengthy process resulted in some recommendations for ICANN board consideration -- but not in any kind of consensus, leading one ICANN-watcher to complain that the internet body's Whois policy "continues to fail." ICANN is supposed to ensure the continued availability of Whois data to the widest extent possible while maintaining the stability and security of the domain name system, blogged Perkins Coie intellectual property attorney Fabricio Vayra. Instead, the latest recommendations on Whois "contain no changes to the ineffectual status quo, and do not require registries and registrars to do anything" to distinguish between legal and natural persons. Nearly every ICANN constituency filed "minority statements" in the Phase 2 draft report objecting to the outcome of the policy process. Now ICANN is also trying to develop a system to help board members assess SSAD proposals. This is the beginning of a longer conversation for if and when ICANN decides to implement an SSAD, said Yuko Yokoyama, ICANN strategy initiative team project director, at a Nov. 18 webinar. The SSAD "is a brand-new, never-before-built system that affects people globally," an ICANN spokesperson emailed. The assessment that is needed to design an effective, efficient system to help the board's deliberations on the recommendations "is time-consuming and critical." The goal is to "get it done right and to take the time needed to do that." The ODP will result in an operational design assessment, expected to go to for board consideration by the end of February, she said. Asked whether there are concerns that it's taking so long to resolve Whois issues, the Belgian Data Protection Authority, which has lead jurisdiction over ICANN, emailed Friday that it and the European Data Protection Board "have dedicated significant time and resources to support ICANN's compliance efforts with meetings and guidance." The last meetings occurred in 2020, and the Belgian DPA "stands readily available and remain[s] committed to pursue those efforts."