ICANN 'Carefully Evaluating' Input From EU Privacy Board on GDPR Compliance
ICANN is "carefully evaluating" guidance from the European Data Protection Board (EDPB) on Whois compliance with the general data protection regulation, General Counsel John Jeffrey blogged Friday. The July 5 letter provides additional advice that could "help significantly advance" the…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
discussion, he said. Privacy officials answered questions about ICANN's approach. The EDPB said personal data identifying individual employees or third parties acting on behalf of a registrant shouldn't be made publicly available by default, but if the registrant provides generic contact email information (e.g., admin@domain.com), publication is OK. On a unified access model for legitimate Whois users, EDPB said nonpublic data could be made available to third parties "provided that appropriate safeguards are in place to ensure that the disclosure is proportionate and limited to that which is necessary" and other GDPR mandates are met. It's likely the internet body will receive additional input if the community agrees on a method for providing access to nonpublic Whois information, Jeffrey wrote. The board also discussed ICANN's ongoing legal case in Germany against domain name registrar EPAG (see 1806220001), and ICANN has submitted the letter to the court. Governments are struggling to help ICANN comply with the GDPR while keeping the Whois database as open as possible (see 1806260021).