No Board Action on GDPR Compliance at Upcoming ICANN Meeting

development process team working on a temporary spec for generic top-level domain name registration data compliant with the EU general data protection regulation published its final report Aug. 10. It recommends a standardized system for granting access to and disclosure of nonpublic gTLD registration data. Chan couldn't predict when directors might consider the recommendations, which first need approval by the Generic Names Supporting Organization Council followed by another public consultation. It's unresolved whether the rules should apply to legal and natural persons and questions about data accuracy, he said at a policy update webinar. GDPR compliance remains a high priority for the Governmental Advisory Committee, said ICANN Senior Policy Director Rob Hoggarth. In August, GAC published a minority statement on completion of the second phase of the Whois policy development process. It said the proposed regime for access to nonpublic registration data is fragmented; doesn't include enforceable standards to review disclosure decisions; and doesn't adequately address consumer protection and trust concerns. A minority of the Stability and Security Advisory Committee also opposed (SAC112) the recommendations, saying the process didn't provide results that "are reasonably suitable for security and stability." An Oct. 21 session at the ICANN meeting will address the impact of Whois changes under GDPR on end users and public safety.