News Review | ICANN WHOIS & EU GDPR: Points of View (video)

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-02-25) with analysis and opinion: Features •  1) ICANN WHOIS & EU GDPR: Points of View (video),  2) Morgan Stanley Technology, Media & Telecom Conference - GoDaddy $GDDY3) ICYMI Internet Domain News: ChinaGeorge Soros, and Turkey, 4) ICANN news: SSR2-RT: Letter from GNSO Council to SO/AC Leaders, and more, 5) Names, Domains & Trademarks6) Most Read.

1) ICANN WHOIS & EU GDPR: Points of View

What is GDPR?

Salesforce.com, Inc. video above published Nov 10, 2017. "Learn about the General Data Protection Regulation (GDPR) ... the new EU regulation." Salesforce.com, Inc. (NYSE: CRM), is a cloud computing company headquartered in San Francisco, California.

Editor's note: notice the completely different angle of approach taken by Salesforce as compared to ICANN (see below). Salesforce, an American technology company operating globally, has fully embraced the EU's GDPR as consistent with Salesforce's own core values ("trust"), is clearly prepared, confident, and proactive in educating and preparing its own stakeholders (customers) for the GDPR effective date of May 25, 2018 (now less than 90 days away).

ICANN, on the other hand, as of today, is still clearly unprepared--Letter from ICANN CEO Göran Marby to Chair, Governmental Advisory Committee (GAC), Manal Ismail | ICANN.org Feb 22, 2018: "As I noted in the 2 February webinar, we are seeking a single model for both the contracted parties and ICANN org to follow."--and has yet to publish its "single model" for use by ICANN and its "contracted parties" (registrars and registry operators).

On Thursday, Feb 22, 2018, I asked ICANN CEO Goran Marby (who is a citizen of Sweden and the EU): "1) When did you first become aware of the ramifications of the EU GDPR for ICANN, and 2) what caused ICANN to be so late in preparing for the May 25, 2018 effective date?"

Marby replied that it was a "good question" and answered that he first became aware in May 2016 (when he first came aboard as ICANN CEO), and that ICANN should have been involved in this (the GDPR) "four years ago." Marby also indicated that ICANN has had difficulty in dealing with the GDPR both as an organizational compliance issue as well as in its policy-making [which is driven by the ICANN community dominated by special interests (lawyers, lobbyists, contracted parties)]. The ICANN WHOIS policy (see further below) is a dinosaur reminiscent of Silicon Valley circa 1999:
Sun on Privacy: 'Get Over It' | WIRED.com Jan 26, 1999: "The Chief Executive Officer (CEO) of Sun Microsystems said Monday that consumer privacy issues are a "red herring." "You have zero privacy anyway," Scott McNealy told a group of reporters and analysts Monday night at an event to launch his company's new Jini technology. "Get over it.""
See also:
What is WHOIS
About WHOIS | ICANN.org: "Every year, millions of individuals, businesses, organizations and governments register domain names. Each one must provide identifying and contact information which may include: name, address, email, phone number, and administrative and technical contacts. This information is often referred to as "WHOIS data." But the WHOIS service is not a single, centrally-operated database. Instead, the data is managed by independent entities known as "registrars" and "registries." Any entity that wants to become a registrar must earn ICANN accreditation. Similarly, registries are under contract with ICANN to operate a generic top level domain, such as .COM, .ORG, or one of the new gTLDs such as .STORAGE and .LINK.
"Based on existing consensus policies and contracts, ICANN is committed to implementing measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, subject to applicable laws. To do that, registrars and registries provide public access to data on registered domain names. Anyone can use the WHOIS protocol to search their databases and identify the domain name registrant.
"In 2016, new ICANN Bylaws replaced the WHOIS obligations originally established by the expired Affirmation of Commitments. These Bylaws require periodic reviews to assess the effectiveness of the current gTLD Registration Directory Service (RDS, formerly known as WHOIS) and whether its implementation meets the legitimate needs of law enforcement, promoting consumer trust and safeguarding registrant data. In addition, those Bylaws require ICANN organization to use commercially reasonable efforts to enforce its policies relating to RDS, while exploring structural changes to improve accuracy and access to generic top-level domain registration data, as well as considering safeguards for protecting such data."
ICANN WHOIS & EU GDPR--Points of View: 
  • What is going on with WHOIS? | R Street Institute | Rstreet.org".... The intersection of WHOIS and GDPR highlights the ways in which Internet governance is increasingly bumping into traditional regulation by nation-states. If it ever was, the Internet is no longer a domain outside the reach of governments. It is still a global ecosystem, but, as in this case, global policy can be swayed by regulations in a particular region. Maintaining the legitimacy of private Internet governance rather than government intervention is likely to become an increasingly difficult but important struggle." (emphasis added)
  • Data Protection/Privacy Update: Latest Developments | ICANN.org Feb 14, 2018: "My last blog of 25 January focused on the input received on the three proposed interim models for collecting registration data and implementing registration directory services in preparation for the 25 May 2018 enforcement date for the European Union's General Data Protection Regulation (GDPR). As you'll recall, input on the models which, along with feedback requested from community discussions on this topic, are contributing to the assessment of each potential option. From those inputs, either variations or modifications to one of these models, each of which includes a tiered/layered access approach to WHOISdata, will be identified ..."--Goran Marby, ICANN President & CEO 
  • GDPR Resources: .... | eNom.com"ICANN came back with three suggested models, each of which has significant flaws .... but we are proceeding with our GDPR implementation work as planned, relying on our legal counsel to help find the balance between compliance with ICANN and the GDPR itself."
  • Explaining the GDPR to an American | iapp.org: "... when customers share their data with us it is not ours, but rather theirs, at least as the European Union sees it and as reflected in the GDPR ..."
  • European Commission pitches in on ICANN's proposals for making the WhoIs register GDPR-compliant | Lexology.com".... ICANN has not much time left to solve the privacy issues of the WHOIS system, as the GDPR is set to become applicable in the EU on 25 May 2018. Whatever ICANN comes up with: As the Commission notes, it will be for the Member States data protection authorities and ultimately for the courts at national and EU level to assess the compliance of ICANN's new rules with the GDPR."

Editor's note: a little more than a year after completion of the IANA transition in which ICANN escaped from direct oversight by the U.S. government, the organization is now confronted with the task of complying with the European Union's GDPR (General Data Protection Regulation) by May 25, 2018, or facing substantial penalties. As noted by Rstreet.org above, neither the internet, nor ICANN, is beyond the reach of governments, the "IANA transition" notwithstanding. Yes, the U.S. government no longer has direct oversight of ICANN (via a contract with NTIA), but the reality is that since ICANN is no longer a U.S. government contractor, it is (or should be) viewed as an independent organization exercising the powers of a global monopoly in its policy-making and granting of global monopoly franchises of generic top-level domains (gTLDs), e.g., .COM and .NET, to enterprises such as Verisign (NASDAQ: VRSN). Under ICANN's multi-level scheme of "privatized" global internet governance, ICANN unilaterally imposes its "taxes" (a/k/a 'fees' or 'the vig') at every level: upon 1) domain name registrants, 2) registrars, and 3) registry operators. Not a bad racket, if you can get away with it, which may also explain why ICANN's compensation and benefits packages are "sky high," and in at least one case, kept secret, an apparent violation of U.S. public disclosure laws applicable to tax-exempt 501(c)(3) non-profit organizations like ICANN.

Today, ICANN and its hundreds of gTLD registry operators, operate without benefit of any grant of authority from any government, or intergovernmental authority, or international treaty, but like everyone else, are subject to regulations and laws promulgated by governments all over the world, as demonstrated by the EU's GDPR, as well as China's internet regulatory regime, and their ensuing legal liabilities and penalties. This may be just the beginning. As I noted during the IANA transition, be careful what you ask for--
"I think if we get rid of that [IANAcontract we will be free of the pressures."
                    -- ICANN President and CEO Fadi Chehade, February 10, 2015
See also: 

2)  Morgan Stanley Technology, Media & Telecom Conference Monday February 26 - Thursday March 1, 2018 (free registration for audio of presentations at the link above):
graphic: Morgan Stanley Technology, Media & Telecom Conference
GoDaddy (NYSE:GDDY) is presenting at the conference at 1:15 PM PT Monday.
GoDaddy reported Q4 FY2017 results on Thursday, Feb 22, 2018, after the market closed. On Friday, $GDDY shares gained more than 10% (chart above).

Other presenters at the Morgan Stanley Technology, Media & Telecom Conference on Monday include Intel, Microsoft, The Walt Disney Company, Alphabet (Google), NVIDIA, and Cisco. Full schedule Monday-Thursday at first link above (after registering). Highlights Tuesday-Thursday:
Tuesday: 10:15 AM PT Netflix
8:45 AM PT Twitter
8:45 AM PT T-Mobile
9:45 AM PT IBM Corporation
10:30 AM PT AT&T
10:30 AM PT Square, Inc.
12:00 PM PT Facebook
Thursday: 8:55 AM PT Salesforce
Miss a presentation? They are also available afterwards “on demand” at the first link above.

3) ICYMI Internet Domain News:
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
a. China: China’s former internet chief Lu Wei charged with taking bribes | thetimes.co.uk

b. George Soros: Defending our 'freedom of mind' from Google and Facebook | afr.com

c. Turkey Has The Most Jailed Journalists Worldwide | Statista.com:

4) ICANN news
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a. SSR2-RT: 06 Feb 2018 Letter from GNSO Council to SO/AC Leaders (pdf)  [published 21 Feb 2018 by ICANN] re: Input of the GNSO Council on the current status and next steps of the Second Security, Stability, and Resiliency of the DNS Review Team (SSR2-RT), embed below (highlighting added):

b. Request 16-11Travel Reservations SRL, Spring McCook, LLC, Minds + Machines Group Limited, Famous Four Media Limited, dot Hotel Limited, Radix FZC, dot Hotel Inc., Fegistry, LLC | Letter from Flip Petillion on behalf of Requestors to ICANN Board Accountability Mechanisms Committee, 22 Feb 2018, reconsideration-16-11-trs-et-al-petillion-to-icann-bamc-redacted-22feb18-en.pdf [516 KB] embed below (highlighting added):

c. ccNSO Personal data publication consent form (template): ccNSO Personal data publication consent form (template) (pdf)

d. ICANN Webinar: Replenishment Strategy for the Reserve Fund | ICANN.org: Webinar Date & Time: 1 March 2018, 17:00 – 18:00 UTC, via Adobe Connect.

e. ICANN Public Comment periods closing in March, 2018 (subject to change):

5) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. ccTLD .au: Small businesses face expensive fights for ".au" web addresses as experts sound warning over new domain changes | smartcompany.com.au

 International SEO and search trends: How does it all work? | searchengineland.com: "The main takeaway here is that you must ensure you have the correct domain for your international SEO requirements."

 New gTLDs: Christa Taylor talks [new gTLD] domains | DomainNameWire.com: interview by Andrew Allemann, editor of Domain Name Wire, of Christa Taylor of dotTBA.com, a new gTLDs consultancy. Ms. Taylor honestly acknowledges the disappointing numbers in new gTLD registrations, the faulty expectations ("if we build it, they will come") and projections, doesn't deny that mistakes were made by new gTLD applicants and ICANN, confirms through her own personal experience, the "Universal Acceptance" problems with new gTLDs [Editor's note: better get a .COM domain for an email address], and describes the challenges of IDNs from working with a client registry operator in the Middle East.

6) Two Most Read posts (# of pageviews Sun-Sat) this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com
1. Tech Review | India Fines Google, China Fines Alibaba & Tencent (video)
2. News Review | ICANN Copes With Failing New gTLDs' Impact On Income
-- John Poole, Editor, Domain Mondo 

feedback & comments via twitter @DomainMondo


Domain Mondo archive