Europe’s data protection authorities critical of ICANN Whois model

Europe’s data protection authorities have concluded that ICANN’s proposed interim solution for making the Whois system compliant with the EU’s General Data Protection Regulation (GDPR) does not go far enough.

The GDPR, which will come into force on May 25, is designed to harmonise data privacy laws across Europe.

Under the Whois system, domain name registries and registrars must provide public access to information on registrants, including their names and addresses.

In February, ICANN proposed interim changes to the Whois system. A month later, an ICANN discussion group said that it would take ICANN between three months and one year to become GDPR-compliant.

But IP owners have raised concerns that, under the interim model, Whois data will no longer be publically available and that it’s unclear whether rights owners and law enforcement officials will be able to gain access to it after May 25.

On Thursday, April 12, the Article 29 Data Protection Working Party (WP29) welcomed ICANN’s continued efforts to make progress towards compliance but added that it still has concerns regarding several aspects of the proposed interim model.

WP29 is an advisory group made up of a representative from the data protection authority of each EU member state.

The working group encouraged ICANN to “develop appropriate policies and procedures applicable to incidental and systematic requests for access to Whois data, in particular for access by law enforcement entities”.

In response, ICANN said that the working group hadn’t mentioned the internet oversight body’s request for a suspension on law enforcement until ICANN implements a model.

Göran Marby, ICANN president and CEO, said: “Without a moratorium on enforcement, Whois will become fragmented and we must take steps to mitigate this issue. As such, we are studying all available remedies, including legal action in Europe, to clarify our ability to continue to properly coordinate this important global information resource.”

According to ICANN, a fragmented Whois system will hamper the ability of consumer protection agencies which track the traffic patterns of illicit businesses, and stymie trademark owners from protecting IP.

ICANN will meet the WP29 Technology Subgroup on April 23 in Brussels.