Dear Madam, Sir,

 

Please find attached the comments on behalf of the Data Protection Unit of the Council of Europe to the revised Procedure for Handling WHOIS Conflicts with Privacy Law.

 

Best regards,

 

Peter Kimpian
Data Protection Unit
Human Rights and Rule of Law

CONSEIL DE L'EUROPE - COUNCIL OF EUROPE
tel :  + 33(0) 3 90 21 58 51

www.coe.int/dataprotection

cid:image003.png@01D27D7A.9C76A8F0

 

 

 

From: gac-bounces@gac.icann.org [mailto:gac-bounces@gac.icann.org] On Behalf Of Fabien Betremieux
Sent: mercredi 14 juin 2017 13:06
To: gac@icann.org; gac-pswg@icann.org
Subject: [GAC] Update - Review of ICANN’s Procedure for Handling WHOIS Conflicts with Privacy Law

 

Dear GAC and PSWG Members,

 

Please note that the Public Comment period below was extended to 7 July 2017.

 

Best Regards

Fabien

 

From: Fabien Betremieux <fabien.betremieux@icann.org>
Date: Wednesday, 17 May 2017 at 02:11
To: "gac@icann.org" <gac@icann.org>
Subject: Review of ICANN’s Procedure for Handling WHOIS Conflicts with Privacy Law

 

Dear GAC Members,

 

On 3 May, a public comment period was opened in connection with a GNSO Council resolution which called for ICANN to review the effectiveness of the recently revised Procedure for Handling WHOIS Conflicts with Privacy Law. As you may be aware, this is happening in the context of the changing landscape in Data Protection Law around the world, in particular with the EU General Data Protection Regulation (GDPR).

 

On 15 May, a letter from the ICANN GDD President to the GAC Chair was released on ICANN’s Correspondence page. In this letter, considering the GAC’s stated interest in these matters (most recently in the Copenhagen Communiqué), ICANN is inviting GAC comments on its staff paper, including through participation of National Data Protection Agencies (DPA).

 

The deadline for Public Comments is set to 12 June 2017.

 

 

Additional Information:

 

The Procedure for Handling WHOIS Conflicts with Privacy Law is designed for contracted parties to request exemptions from their contracts with ICANN in case there is a conflict between their obligations and Privacy Laws. While it is in place since 2016, it has never been used because it original trigger has been considered unrealistic: an entity would have to be under a judicial or administrative proceeding to benefit from it.

 

Recognizing this, a first revision process was undertaken in 2015 and led to the addition of a new trigger. However, some contracted parties did not think this would be any more practical. In fact, as indicated during the recent ICANN GDD Summit, Dutch new gTLD Registries (.AMSTERDAM, .FRL) reportedly had to breach their contract obligations to comply with Dutch Privacy Law for lack of meeting any of the triggers of this procedure.

 

ICANN is now asking for GAC and DPAs input on 4 questions included in the staff paper (among others):

1.      How feasible is it for data protection agencies to provide a party with a written statement indicating that a WHOIS obligation in an ICANN contract conflicts with national law?

2.      What type of evidence or documentation should a requesting party provide to the data protection agencies?

3.      What challenges, if any, will data protection agencies face in terms of providing a party with a written statement indicating that a WHOIS obligation in an ICANN contract conflicts with national law?

4.      What improvements or changes could be made to better engage data protection agencies in this process, i.e., Would direct contact with ICANN make the process more efficient?

 

 

Thank you for your attention

 

Best Regards

--

Fabien Betremieux

GAC Relations Advisor

Policy Development Support | ICANN

FR: +33 7 60 09 09 40 | US: +1 310 463 5334 | Skype: fabien.betremieux