The GDPR, which comes into effect on 25 May 2018, poses a considerable challenge for registries and registrars. Significant changes will need to be made by those offering generic domain names. The most debated and most visible change will be that registration data will not longer be publicly accessible.
These changes will result in non-compliance with ICANN policies and contracts. On 17 November 2017, ICANN published a statement, according to which it would defer taking action against any registry or registrar for noncompliance with contractual obligations related to the processing of personal data under certain conditions.
On 10 January 2018, based on the “eco GDPR Domain Industry Playbook”, eco submitted to ICANN a proposal for a model to address the GDPR, which has in the meantime been published on the ICANN website, along with the playbook itself and an Executive Summary, for public comment.
The “eco GDPR Domain Industry Playbook” has undergone various draft stages and a public consultation was held in Brussels on 11 December 2017 to seek input from interested stakeholders. Some 100 participants attended the consultation either in person or remotely.
While more discussion needs to take place on various aspects of the playbook due to the complexity of the issue – which affects a multitude of operational, technical and legal aspects of the domain industry – the following companies supported the submission of the model to ICANN.
Registries:
Afilias Ltd.; dotBERLIN GmbH & Co. KG; CentralNic Ltd.; Donuts Inc.; Dot Global Domain Registry; Neustar, Inc.; Nominet; Public Interest Registry (PIR); tldbox GmbH; VeriSign, Inc.
Registrars:
1&1 Internet SE; Arsys Blacknight Internet Solutions Ltd.; GoDaddy; Realtime Register B.V.; Strato AG / Cronon AG; TUCOWS INC.; united-domains AG
The models published by ICANN can be commented on until 29.01.2018 by sending an email to gdpr@icann.org. eco will take this opportunity to take a position and will continue to drive discussion on behalf of providers.