IPC/BC Presentation: Community Work on Accreditation and Access Model for Non-Public WHOIS 26 June 2018 ICANN62 GAC Plenary Meeting Agenda Item 8 - GDPR Discussion
Agenda | 2
Context & Timeline 25-May-2018 May-2019 New P/P Privacy/Proxy Services Accreditation Services New RDS ICANN RDS (Registration Data Services) EPDP Policy Community Temp Spec in Operation New RDS Implemented Temp Spec Enforcement ICANN Org Enforcement Guidance Binding Opinions Advice Legal Article 29 Data Working Protection European Data Protection Board, EC, Governments Party Authorities
Current Temp Spec Obligations for Registries and Registrars: 4. Access to Non-Public Registration Data 4.1. Registrar and Registry Operator MUST provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interest pursued by the third party , except where such interests are overridden by the interests or fundamental rights and freedoms of the Registered Name Holder or data subject pursuant to Article 6(1)(f) GDPR. from p.19 of the Temporary Specification approved by the ICANN Board, 17-May-2018
Registrant Data for Public display Registrants • anonymized registrant email or web form • registrant organization • registrant state/province & country • primary & secondary name server(s) • information about Registrar Registrars Access, • creation and expiration date of registration via Website Non-Public Registrant Data, for: and Port 43 “unless Registries overridden by data subject rights” Data ICANN Any Requestor with Accredited Escrow (Thin Legitimate Interest Requestors Providers data)
Importance / Basis for Authenticated Access to Data – D Taylor The Past • Reverse WHOIS: Pattern of bad faith: One of the key elements when bringing a UDRP • A pivotal pointer for a Complainant to see if the domain name registration a one off / accident / genuine fan site or part of a targeted infringement / phishing campaign • http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2014-2015 • http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-1934 • http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2016-2380 The Present • Post 25 May 2018 Public WHOIS dramatically changed. Now behind a curtain • Need for legitimate access • Radical change but no system for access in sync with this change • Who is benefitting most from GDPR and WHOIS? Internet phishers and infringers? • Individual requests to individual registrars with varied results • Varied responses: Refusal to provide? Delay providing? Misunderstanding of the law? • Manual one to one requesting is time heavy for everyone. The Future • With the curtain drawn necessity to have an access and accreditation system • NB for a legitimate interest, not unfettered access by anyone to the personal data of individuals for any purpose. | 1
Recommend
More recommend