[ALAC] GDPR on today's ALAC Agenda

Alan Greenberg alan.greenberg at mcgill.ca
Tue Mar 27 18:50:01 UTC 2018

Attached and in the body of this message are the 
notes for today's discussion of GDPR on the ALAC Call.


ALAC Meeting – 27 March 2018 – GDPR Discussion

The ALAC and At-Large are divided on whether the 
proposed Interim Model meets the requirements of 
the GDPR and specifically whether the rationales 
for collecting various data items are specified 
in sufficient detail and are sufficiently 
compelling. There are also differing views on 
whether the transport of data to Registries in 
compliance with "thick WHOIS" rules is GDPR 
compliant. In the absence of concerns over 
privacy, ICANN has previously determined that the 
thick WHOIS model is the one that should be used 
and we should not re-litigate that here. We have 
similarly decided that single points of failure 
must be avoided and all data must be escrowed in 
case of any of multiple forms of failure. All 
data items have proven useful in the past (that 
was the result of ICANN's earlier work). Whether 
it can be justified in the current situation is the question.

All of these issues will need to be judged by 
DPAs and to the extent that they make clear 
statements, we will have to abide by them.

The ALAC has the responsibility to look at all 
issues from and end-user perspective. We also 
have concerns for registrant issues, but where they differ we support users.

1. Must registrars continue to collect the 
contact details for administrative and technical 
contacts and transmit them to the registry and escrow provider?

2. Should anonymized e-mail addresses should be 
substituted for the e-mail addresses for 
registrant, administrative, and technical contacts in public WHOIS?

3. Should registries and registries be permitted 
to optionally apply the model on a global basis?

4. Should the model apply to contact details 
supplied by registrants who are legal persons?

5. Which elements of WHOIS data should be 
published in public WHOIS while an accreditation 
program for layered/tiered access is being developed?

6. How many levels should the "tiered" access mechanism support?

7. Bulk access – should it be allowed?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180327/4d24027b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: GDPR-20180327.pdf
Type: application/pdf
Size: 64503 bytes
Desc: not available
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180327/4d24027b/GDPR-20180327.pdf>

More information about the ALAC mailing list