ICANN 'Carefully Evaluating' Input From EU Privacy Board on GDPR Compliance
ICANN is "carefully evaluating" guidance from the European Data Protection Board (EDPB) on Whois compliance with the general data protection regulation, General Counsel John Jeffrey blogged Friday. The July 5 letter provides additional advice that could "help significantly advance" the…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
discussion, he said. Privacy officials answered questions about ICANN's approach. The EDPB said personal data identifying individual employees or third parties acting on behalf of a registrant shouldn't be made publicly available by default, but if the registrant provides generic contact email information (e.g., admin@domain.com), publication is OK. On a unified access model for legitimate Whois users, EDPB said nonpublic data could be made available to third parties "provided that appropriate safeguards are in place to ensure that the disclosure is proportionate and limited to that which is necessary" and other GDPR mandates are met. It's likely the internet body will receive additional input if the community agrees on a method for providing access to nonpublic Whois information, Jeffrey wrote. The board also discussed ICANN's ongoing legal case in Germany against domain name registrar EPAG (see 1806220001), and ICANN has submitted the letter to the court. Governments are struggling to help ICANN comply with the GDPR while keeping the Whois database as open as possible (see 1806260021).