ICANN Updates Its GDPR Compliance Activities

"temporary specification" for compliance (see 1805140001). He thanked the new European Data Protection Board (EDPB, formerly the Article 29 Data Protection Working Party) for its "recognition of the work ICANN has undertaken with its stakeholders and contracted parties on GDPR as it applies to the WHOIS services," and said the internet body wants to develop a unified access model for continued access to all Whois data. "This includes identifying opportunities for ICANN, beyond its role as one of the 'controllers' with respect to WHOIS or its contractual enforcement role, to be acknowledged under the law as the coordinating authority of the WHOIS system." The EDPB, which met for the first time May 25, endorsed an earlier WP29 statement that said the GDPR doesn't allow national supervisory authorities or the EDPB "to create an 'enforcement moratorium' for individual data controllers." Data protection authorities may, however, take into account measures that have already been taken or are underway when determining the appropriate regulatory response, it said. ICANN was already told it must put in place a Whois model that enables legitimate uses by relevant stakeholders, such as law enforcement, of domain name owners' personal information, "without leading to an unlimited publication of those data," the EDPB said. Internally, ICANN has now revamped its online privacy policy, terms of service, cookies policy and new generic top-level domain program personal data privacy statement, and created a new notice of applicant privacy relating to data processed for employment applications, Marby wrote.