UPDATE: ICANN Webinar on Final Proposed FY19 Operating Plan and Budget | ICANN.org: webinar on 24 May at 14:00 UTC (10:00 am EDT in US)--learn more about the proposed ICANN budget changes and ask questions. Webinar link: https://participate.icann.org/finance/. Budget Executive Summary in Document 1 [PDF, 305 KB]. A recording of the webinar will be posted at the community wiki.
Original Post:
1) ICANN's GDPR Train Wreck 25 May 2018 & Beyond
 |
| https://www.icann.org/resources/board-material/resolutions-2018-05-17-en |
But even on the surface all may not be well at ICANN re: GDPR, no word yet on what the following Special Board Meeting 21 May 2018 agenda notice published Friday by ICANN.org pertains to:
Who's definitely not happy? The U.S. government (Trump administration), trademark lawyers, corporate lobbyists, and a slew of others, including internet security professionals, as well as most domain name registrars and registry operators who will have to carefully implement new GDPR data requirements by May 25th in regard to domain name WHOIS data (see letters below) or face stiff penalties from the European Union's GDPR DPAs (data protection authorities).
Editor's note: I would be remiss if I did not note that one irony of this whole situation is that all of this could have been avoided had ICANN and the Obama administration (US gov) not been in such a hurry to finish the IANA transition by October 1, 2016 (implementing a US gov decision made in 2014 in response to the global reaction to the "Snowden revelations") or had allowed an intergovernmental successor to the U.S. government's stewardship of the internet and oversight of ICANN and the "IANA functions" via the IANA functions contract. The EU's GDPR was already known and published in May, 2016, and ICANN CEO Goran Marby said (in answer to my question at a Quarterly stakeholder call) that he became aware of the "ramifications of the GDPR for ICANN" shortly after he came aboard as ICANN President and CEO (in May 2016). But neither Larry Strickling, then NTIA administrator, nor ICANN, nor any of the "experts" retained then by the U.S. government or ICANN, raised the GDPR as a concern before the IANA transition was completed October 1, 2016. But for the IANA transition, the U.S. government could simply assert its sovereign authority, and immunity, to collect, process, and publish all of the gTLD domain names WHOIS data it wished, to whomever it thought was an appropriate recipient, at internic.net or elsewhere. Now we, the global internet community, are left watching a dysfunctional "ICANN community," dominated by special interests (it costs about $20,000-30,000 a year, per person, just in travel costs and related expenses, to fully participate in ICANN meetings), trying to hammer out a complete GDPR-compliant WHOIS policy over the next twelve months.
b. Redline of Changes - Temporary Specification for gTLD Registration Data | ICANN.org: 17 May 2018 redline-changes-gtld-registration-data-17may18-en.pdf [356 KB] embed below, differences between the published May 14 and finally adopted May 17 versions:
c. What Goes Around Comes Around--Domain Name Registrars Want Six-Month Moratorium (minimum) from ICANN's Temporary WHOIS-GDPR Specification: Letter 16 May 2018 (pdf), to Göran Marby, Chief Executive Officer, Internet Corporation for Assigned Names and Numbers (ICANN):
Dear Göran:
This letter follows ICANN’s intention to create a “Temporary Specification” for registry and registrar compliance with the European Union's General Data Protection Regulation (“GDPR”). Contracted party registrars have been working on our own technical implementations for many months, as there was no guidance from ICANN regarding proposed or actual new policies. Any temporary specification adopted now that significantly deviates from previously held expectations and models will be far too late for us to accommodate for a May 25, 2018 implementation date.
For this reason, we ask that any temporary specification include a formal ICANN compliance moratorium, not shorter than six (6) months, providing us an opportunity to conform, to the extent possible, our GDPR implementation with the GDPR-compliant aspects of any ICANN temporary specification. We note that the six month timeline for implementation is a minimum and an estimate. Depending upon the scope and scale of changes, many registrars will need a longer period to implement any temporary specification imposed by the Board upon the community, and there should be an option for registrars to apply for an extension.
Very truly yours,
Graeme Bunton, on behalf of the following Registrars: Endurance, GoDaddy, Tucows, Blacknight, 1&1, United Domains, NetEarth One, Cloudflare
Cc: Cherine Chalaby, Chair, ICANN Board of Directors, and Jamie Hedlund, SVP, Contractual Compliance & Consumer Safeguardd. Christian Dawson, i2Coalition & Thomas Rickert, eco - Association of the Internet Industry to ICANN Board of Directors, 17 May 2018--ICANN.org: gdpr-comments-i2coalition-eco-icann-proposed-temporary-specification-gtld-registration-data-17may18-en.pdf [87.5 KB] (reformatted and highlighting added):
e. Other Related:
• Deferral of transition to Thick WHOIS Policy Implementation for .COM and .NET--Approved Board Resolutions | Special Meeting of the ICANN Board 13 May 2018 | ICANN.org: "... Whereas, the deferred enforcement period will allow the ICANN organization to continue to engage with the relevant European authorities including the European Union Article 29 Working Party, data protection agencies, contracted parties, and other pertinent stakeholders to gain a better understanding of the relevant aspects of GDPR and how it relates to ICANN's work and the organization's policies and contracts with registries and registrars, including the Thick WHOIS Consensus Policy. Resolved (2018.05.13.06), the President and CEO, or his designee(s), is authorized to defer compliance enforcement of the Thick WHOIS Consensus Policy for six months to 30 November 2018, 30 April 2019 and 31 January 2020, respectively, to allow additional time for the registrars and Verisign to reach agreement on amendments needed to applicable registry-registrar agreements to implement the Policy."
• URS & UDRP Provisions relating to WHOIS/Personal Data (pdf)
• GDPR Models/Analyses | Comments | RiskIQ | ICANN-Proposed Temporary Specification for gTLD Registration Data | ICANN.org: 17 May 2018 gdpr-comments-riskiq-icann-proposed-temporary-specification-gtld-registration-data-17may18-en.pdf [121 KB]
• Letter from Manal Ismail to Cherine Chalaby | ICANN.org: GAC response letter to the ICANN Board regarding the revised scorecard on the ICANN61 GAC GDPR Advice ismail-to-chalaby-17may18-en.pdf [525 KB]
• Letter from Constantinos Georgiades to Göran Marby | ICANN.org
Issue: Request for Guidance: GDPR Impact on the Domain Name System and WHOIS
georgiades-to-marby-16may18-en.pdf [220 KB]
2) Other ICANN news
Original section:
ICANN IRS Form 990 for FYE June 30, 2017 (period July 1, 2016-June 30, 2017) excerpt:
3) Names, Domains & Trademarks
c. UDRP complainants beware: careless attitude doesn't pay off | WorldTrademarkReview.com
4) ICYMI Internet Domain News
b. Gambling operators scoff as Norway approves DNS-blocking | CalvinAyre.com: "blocking the domains of internationally licensed online gambling sites."
c. How reasonable are the EU’s digital taxation plans? | aei.org
d. Oracle to Launch Internet ‘Weather Map’ - CIO Journal. | WSJ.com: "Service combines data points on paths and routing with AI to gauge internet performance worldwide."
e. The Senate Voted to Stand Up for Net Neutrality, Now Tell the House to Do the Same | Electronic Frontier Foundation | eff.org
5) Most read posts this past week on DomainMondo.com:
2. Tech Review | Tesla $TSLA May Need A Takeover, Will Apple $AAPL Bite?
3. European Union's GDPR: How Europe's Data Protection Law Works (video)
4. Global Technology, Media and Communications Conference May 15-17
4. Global Technology, Media and Communications Conference May 15-17
-- John Poole, Editor, Domain Mondo
