Whois vs GDPR, latest news
Brian Kantor
Brian at ampr.org
Wed May 16 21:02:00 UTC 2018
A draft of the new ICANN Whois policy was published a few days ago.
https://www.icann.org/en/system/files/files/proposed-gtld-registration-data-temp-specs-14may18-en.pdf
>From that document:
"This Temporary Specification for gTLD Registration Data (Temporary
Specification) establishes temporary requirements to allow ICANN
and gTLD registry operators and registrars to continue to comply
with existing ICANN contractual requirements and community-developed
policies in light of the GDPR. Consistent with ICANN’s stated
objective to comply with the GDPR, while maintaining the existing
WHOIS system to the greatest extent possible, the Temporary
Specification maintains robust collection of Registration Data
(including Registrant, Administrative, and Technical contact
information), but restricts most Personal Data to layered/tiered
access. Users with a legitimate and proportionate purpose for
accessing the non-public Personal Data will be able to request
such access through Registrars and Registry Operators. Users will
also maintain the ability to contact the Registrant or Administrative
and Technical contacts through an anonymized email or web form. The
Temporary Specification shall be implemented where required by the
GDPR, while providing flexibility to Registry Operators and Registrars
to choose to apply the requirements on a global basis based on
implementation, commercial reasonableness and fairness considerations.
The Temporary Specification applies to all registrations, without
requiring Registrars to differentiate between registrations of legal
and natural persons. It also covers data processing arrangements
between and among ICANN, Registry Operators, Registrars, and Data
Escrow Agents as necessary for compliance with the GDPR."
More information about the NANOG
mailing list