Ever since ICANN’s creation, there has been a clash between the protection of personal data and its contractually-required Whois service. Under ICANN contracts, registrars were required to publish sensitive information about domain name registrants. The email addresses, names and other contact information of domain holders was available to anyone in...
ICANN* has a problem. One could even call it a disease - an organizational version of Sydenham’s chorea. What are the symptoms? This: ICANN has in place elaborate, well-defined, and reasonably balanced representational mechanisms for making policies. But every time it has an important decision to make, ICANN tries to...
Now that Whois has been changed to become compliant with the GDPR, the battleground over Whois and privacy has shifted to the question of how people can get past the restrictions and gain access to all the personal information about domain name registrants that used to be there. This process...
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. As a result, ICANN allowed registries and registrars to cloak the personal information of domain name registrants in WHOIS, with a caveat that those who had legitimate and proportionate purpose should be allowed access to this cloaked,...
The collision between ICANN’s Whois regime and the European General Data Protection Regulation (GDPR) took a decisive turn May 25, 2018, when ICANN filed injunction proceedings against EPAG, a German registrar affiliated with Tucows. EPAG had notified ICANN that as of May 25 it would no longer collect administrative and technical...
“Martha: Truth or illusion, George; you don't know the difference. George: No, but we must carry on as though we did. Martha: Amen.” Edward Albee, Who’s Afraid of Virginia Woolf? Since February, the prominent security reporter Brian Krebs has been writing on his widely-read blog, Krebs on Security, that...
I remember one of my first conversations about ICANN and WHOIS General Data Protection Regulation compliance with the ICANN CEO. The CEO told me (as he repeatedly told others) that ICANN should consult with the Data Protection Authorities about how to comply with GDPR. I agreed. The boundaries of WHOIS...
The conflict between ICANN’s contracts and data protection law is dominating discourse and policy making at the ICANN 61 meeting in San Juan Puerto Rico. ICANN requires registries and registrars to provide a public directory service, known as Whois, that gives anyone in the world immediate access to personal data...
ICANN Corp seems to have finally taken the tension between Whois and privacy rights seriously, thanks to the impending General Data Protection Regulation (GDPR) in Europe. In preparing for the advent of GDPR, ICANN has solicited legal advice from Hamilton Advokatbyrå, a Swedish law firm, regarding possible conflicts between its...
For the big legacy top level domains like .COM, the registry holds a minimal amount of mainly technical information. But for some time ICANN has been trying to amend its policy to require registries to hold the contact information about the registrant as well. This compromises registrant privacy and is...
“In characteristically rigorous fashion, Mueller’s outstanding book punctures the alarmist myth of Internet fragmentation and helps us to understand what is really at stake as nations and other groups vie for power over the Internet.”
