ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission
![](https://secure.gravatar.com/avatar/3c6764476187eb60b7e1061cc2aac69a.jpg?s=120&d=mm&r=g)
This could be of interest to some.. ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission. ICANN's responses to questions 11,12,13 and 14 in relation to the use of WHOIS information, its purpose and usefulness highlights the importance of the registration data. https://www.icann.org/news/announcement-2020-09-10-en Best Hadia
![](https://secure.gravatar.com/avatar/2ff339ebf71d0eaf8075c22cbf3809fd.jpg?s=120&d=mm&r=g)
On 15/09/2020 13:55, Hadia Abdelsalam Mokhtar EL miniawi wrote:
This could be of interest to some..
ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission. ICANN's responses to questions 11,12,13 and 14 in relation to the use of WHOIS information, its purpose and usefulness highlights the importance of the registration data.
This is a welcome, good and balanced response by ICANN to the WHOIS damage caused by GDPR. I've been working on a project to measure registrars and reseller activity in gTLDs and ccTLDs and the relevant statistics on the registrar/reseller markets. Legal persons being excluded from WHOIS data on the same basis as natural persons was a big mistake. It has also introduced a level of instability to the DNS that can be difficult to remedy. It was good to see ICANN explain it in simple terms for these people. Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com **********************************************************
![](https://secure.gravatar.com/avatar/27cd8cc381692a51e2e17ee96505cf97.jpg?s=120&d=mm&r=g)
This is a welcome, good and balanced response by ICANN to the WHOIS damage caused by GDPR.
The damage was not done by GDPR, it was done by ICANN as they insist on a centralized model despite different approaches were given. The major pitfall of the centralized approach is the assumption, that there could be a worldwide, consistent law for this purpose. Whois allows delegation of data to different servers under different jurisdictions, so each registrar can run a whois server in his own local law area and serve the registrants directly from there. Data collection on direct contracts are legal under local law, so no problem here. Then the registrar orders the domain from the registry, which in turn is a different contract, and can be handled by the registry whois server. This data collection (about the registar!) is legal, too. ICANN has contracts with registries to handle TLDs, which is operated by IANA. Consequently, if you ask whois.iana.org for anything, it will respond with the details of the contracted registry and a delegation to the registry whois server. This is well known to ICANN, but they decided to ignore all legal and lawful issue in order to please the law enforcement agencies (which are too lazy to fill out the legally required forms for data access), the IP property companies (which consider themselves as the private part of the LEAs), and the domain marketing industry (which likes bulk access for wet Big Data Dreams). So GDPR is not the cause of the problem. It only makes a long standing ignorance of ICANN public. So please do not shot the messenger. Thank you.
![](https://secure.gravatar.com/avatar/2ff339ebf71d0eaf8075c22cbf3809fd.jpg?s=120&d=mm&r=g)
On 16/09/2020 13:51, Lutz Donnerhacke wrote:
This is a welcome, good and balanced response by ICANN to the WHOIS damage caused by GDPR.
The damage was not done by GDPR, it was done by ICANN as they insist on a centralized model despite different approaches were given. The major pitfall of the centralized approach is the assumption, that there could be a worldwide, consistent law for this purpose.
Well, maybe this is evolution in progress with ICANN after the scale of the screwup has become apparent.
This is well known to ICANN, but they decided to ignore all legal and lawful issue in order to please the law enforcement agencies (which are too lazy to fill out the legally required forms for data access), the IP property companies (which consider themselves as the private part of the LEAs), and the domain marketing industry (which likes bulk access for wet Big Data Dreams).
Redacting personal data may be a good thing. It is being abused by spammers and marketers. However, the problem is that *all* data is being redacted including legal person data (company ownership etc). That creates stability and trust issues. I've been working on a project measuring the domain name industry and TLD market each country and at a global level. At the moment, it has grouped approximately 94% of the legacy gTLD markets and 96.34% of the new gTLD markets. It has similar coverage on some of the ccTLDs samples in the project. There are issues with the accuracy of some of the WHOIS data that is still visible. Those wonderful ICANN WHOIS accuracy studies seem wonderfully optimistic and are about as reliable as opinion polls. Their samples are mathematically sound but it is Numerology for ICANN management.
So GDPR is not the cause of the problem. It only makes a long standing ignorance of ICANN public. So please do not shot the messenger.
GDPR is not a global solution. ICANN should have concentrated on ensuring the stability of the Internet rather than allowing a Babel-like situation to emerge. The one strong point of a centralised system is that the centraliser can chose the jurisdiction. But that would assume that the gTLDs have no competition. The reality is that ICANN management banjaxed the dominance of the gTLDs in the mid-2000s when it failed to effectively deal with Domain Tasting. That kickstarted the growth in the ccTLDs. The reality is that the .COM gTLD is now a second choice TLD in most countries outside the US and the other legacy gTLDs are on life-support from their old brand protection registrations. New registration volume in most countries outside the US is overwhelmingly ccTLD. In some respects, ICANN is the Titanic unwittingly steaming towards an iceberg field with a coalbunker fire weakening its hull. Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com **********************************************************
![](https://secure.gravatar.com/avatar/85bfd9119504b9fdc4fd60aeee0b2eaf.jpg?s=120&d=mm&r=g)
On 17/09/2020 10:04, Lutz Donnerhacke wrote:
The one strong point of a centralised system is that the centraliser can chose the jurisdiction. No, he can't. That's the whole point.
So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction? Kindest regards, Olivier
![](https://secure.gravatar.com/avatar/d8093175daedc7dd6907bcf50051771c.jpg?s=120&d=mm&r=g)
Dear all, I think that the problem is a bit more complicated. An organization - for instance a Registry or a Registrar, but even ICANN itself - can choose the jurisdiction, but there are transactions that depend on the jurisdiction of the counterpart - or even multiple jurisdictions in the case of ICANN. As an example, a Registrar operates in its own jurisdiction but has to comply with GDPR if dealing with customers that are subject to European jurisdiction. Of course, if it does not want to comply, it has still the option of not accepting European citizen or residents as customers. I am not sure, though, that this option is attractive for overseas Registrars. Anyway, I agree by and large with Lutz, and would also like to add that GDPR came out because the EU was sick and tired of having its recommendation on privacy completely disregarded as if EU law was irrelevant in a global world, so I am surprised that some people were surprised. Cheers, Roberto
On 17.09.2020, at 20:04, Olivier MJ Crépin-Leblond <ocl@gih.com> wrote:
On 17/09/2020 10:04, Lutz Donnerhacke wrote:
The one strong point of a centralised system is that the centraliser can chose the jurisdiction. No, he can't. That's the whole point.
So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction? Kindest regards,
Olivier _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
![](https://secure.gravatar.com/avatar/29943efe6e0ec32f29967a3a1b40145b.jpg?s=120&d=mm&r=g)
Olivier ICANN is a US entity. My company is an Irish entity. ICANN cannot force us to do anything that is not legal under Irish law. So choosing the jurisdiction is kind of meaningless Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: CPWG <cpwg-bounces@icann.org> on behalf of Olivier Crepin-Leblond <ocl@gih.com> Date: Thursday 17 September 2020 at 19:04 To: Lutz Donnerhacke <lutz@donnerhacke.de>, "cpwg@icann.org" <cpwg@icann.org> Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission On 17/09/2020 10:04, Lutz Donnerhacke wrote: The one strong point of a centralised system is that the centraliser can chose the jurisdiction. No, he can't. That's the whole point. So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction? Kindest regards, Olivier
![](https://secure.gravatar.com/avatar/85bfd9119504b9fdc4fd60aeee0b2eaf.jpg?s=120&d=mm&r=g)
Thanks for your follow-up Michele. So purely under contractual arrangements, in your case the Registrar Accreditation Agreement, which I guess is the one found at https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en the agreement mentions California enough times to be fair to assume that it follows the law of California - especially since dispute resolution in section 5.8 mentions the rules of the International Arbitration Rules of the American Arbitration Association ("AAA"). So of course ICANN cannot ask you to do something which is contrary to Irish Law, but we've seen that it has in the past, for example the Registrar Data Retention Program? You and I know that ICANN has a process for requesting a Waiver of Data Retention, outlined on https://www.icann.org/resources/pages/retention-2013-09-13-en But ultimately, isn't ICANN the final decider of whether it gives you that waiver or not, according to its rules outlined in https://www.icann.org/resources/pages/waiver-request-process-2013-09-13-en? They are not required to do so by US law, are they? Kindest regards, Olivier On 18/09/2020 17:04, Michele Neylon - Blacknight wrote:
Olivier
ICANN is a US entity.
My company is an Irish entity.
ICANN cannot force us to do anything that is not legal under Irish law.
So choosing the jurisdiction is kind of meaningless
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
*From: *CPWG <cpwg-bounces@icann.org> on behalf of Olivier Crepin-Leblond <ocl@gih.com> *Date: *Thursday 17 September 2020 at 19:04 *To: *Lutz Donnerhacke <lutz@donnerhacke.de>, "cpwg@icann.org" <cpwg@icann.org> *Subject: *Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission
On 17/09/2020 10:04, Lutz Donnerhacke wrote:
The one strong point of a centralised system is that the centraliser can
chose the jurisdiction.
No, he can't. That's the whole point.
So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction? Kindest regards,
Olivier
-- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
![](https://secure.gravatar.com/avatar/29943efe6e0ec32f29967a3a1b40145b.jpg?s=120&d=mm&r=g)
Olivier They could choose not to grant a waiver, but there’s no way that they’ll be able to force a contracted party like ourselves to break our local law. So the waiver system is more like a way for them to note that registrar X won’t be complying Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: Olivier Crepin-Leblond <ocl@gih.com> Date: Friday 18 September 2020 at 17:23 To: Michele Neylon <michele@blacknight.com>, Lutz Donnerhacke <lutz@donnerhacke.de>, "cpwg@icann.org" <cpwg@icann.org> Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission Thanks for your follow-up Michele. So purely under contractual arrangements, in your case the Registrar Accreditation Agreement, which I guess is the one found at https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en the agreement mentions California enough times to be fair to assume that it follows the law of California - especially since dispute resolution in section 5.8 mentions the rules of the International Arbitration Rules of the American Arbitration Association ("AAA"). So of course ICANN cannot ask you to do something which is contrary to Irish Law, but we've seen that it has in the past, for example the Registrar Data Retention Program? You and I know that ICANN has a process for requesting a Waiver of Data Retention, outlined on https://www.icann.org/resources/pages/retention-2013-09-13-en But ultimately, isn't ICANN the final decider of whether it gives you that waiver or not, according to its rules outlined in https://www.icann.org/resources/pages/waiver-request-process-2013-09-13-en? They are not required to do so by US law, are they? Kindest regards, Olivier On 18/09/2020 17:04, Michele Neylon - Blacknight wrote: Olivier ICANN is a US entity. My company is an Irish entity. ICANN cannot force us to do anything that is not legal under Irish law. So choosing the jurisdiction is kind of meaningless Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: CPWG <cpwg-bounces@icann.org><mailto:cpwg-bounces@icann.org> on behalf of Olivier Crepin-Leblond <ocl@gih.com><mailto:ocl@gih.com> Date: Thursday 17 September 2020 at 19:04 To: Lutz Donnerhacke <lutz@donnerhacke.de><mailto:lutz@donnerhacke.de>, "cpwg@icann.org"<mailto:cpwg@icann.org> <cpwg@icann.org><mailto:cpwg@icann.org> Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission On 17/09/2020 10:04, Lutz Donnerhacke wrote: The one strong point of a centralised system is that the centraliser can chose the jurisdiction. No, he can't. That's the whole point. So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction? Kindest regards, Olivier -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html
![](https://secure.gravatar.com/avatar/80f74e572e59e6080953d1cecafac39b.jpg?s=120&d=mm&r=g)
ICANN operates under the US jurisdiction and is therefore obliged to comply with US law. ICANN is also under a lot of pressure for taking actions that, although not bringing any result other than annoying a lot of non-US stakeholders, serve the purpose of projecting the image of US law governing outside its jurisdiction. The waiver thing is exactly this: European contracted parties have to sign a formal request - therefore formally recognising the “power” upon them of US law - while the reality is that it is Europe who is enforcing its law. This said, I am not sure that ICANN fully understands how taking positions that appear unreasonable for non-US stakeholders - in particular contracted parties - further challenges its international image. Cheers, Roberto On 19.09.2020, at 20:13, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Olivier They could choose not to grant a waiver, but there’s no way that they’ll be able to force a contracted party like ourselves to break our local law. So the waiver system is more like a way for them to note that registrar X won’t be complying Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: Olivier Crepin-Leblond <ocl@gih.com<mailto:ocl@gih.com>> Date: Friday 18 September 2020 at 17:23 To: Michele Neylon <michele@blacknight.com<mailto:michele@blacknight.com>>, Lutz Donnerhacke <lutz@donnerhacke.de<mailto:lutz@donnerhacke.de>>, "cpwg@icann.org<mailto:cpwg@icann.org>" <cpwg@icann.org<mailto:cpwg@icann.org>> Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission Thanks for your follow-up Michele. So purely under contractual arrangements, in your case the Registrar Accreditation Agreement, which I guess is the one found at https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en the agreement mentions California enough times to be fair to assume that it follows the law of California - especially since dispute resolution in section 5.8 mentions the rules of the International Arbitration Rules of the American Arbitration Association ("AAA"). So of course ICANN cannot ask you to do something which is contrary to Irish Law, but we've seen that it has in the past, for example the Registrar Data Retention Program? You and I know that ICANN has a process for requesting a Waiver of Data Retention, outlined on https://www.icann.org/resources/pages/retention-2013-09-13-en But ultimately, isn't ICANN the final decider of whether it gives you that waiver or not, according to its rules outlined inhttps://www.icann.org/resources/pages/waiver-request-process-2013-09-13-en? They are not required to do so by US law, are they? Kindest regards, Olivier On 18/09/2020 17:04, Michele Neylon - Blacknight wrote: Olivier ICANN is a US entity. My company is an Irish entity. ICANN cannot force us to do anything that is not legal under Irish law. So choosing the jurisdiction is kind of meaningless Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: CPWG <cpwg-bounces@icann.org><mailto:cpwg-bounces@icann.org> on behalf of Olivier Crepin-Leblond <ocl@gih.com><mailto:ocl@gih.com> Date: Thursday 17 September 2020 at 19:04 To: Lutz Donnerhacke <lutz@donnerhacke.de><mailto:lutz@donnerhacke.de>, "cpwg@icann.org"<mailto:cpwg@icann.org> <cpwg@icann.org><mailto:cpwg@icann.org> Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission On 17/09/2020 10:04, Lutz Donnerhacke wrote: The one strong point of a centralised system is that the centraliser can chose the jurisdiction. No, he can't. That's the whole point. So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction? Kindest regards, Olivier -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html _______________________________________________ CPWG mailing list CPWG@icann.org<mailto:CPWG@icann.org> https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
![](https://secure.gravatar.com/avatar/06219dc054fbf68dad48552cb13de1de.jpg?s=120&d=mm&r=g)
Any US (or non-US non-EU) company that comes within the jurisdiction of Article 3(2) of the GDPR is obligated to comply with the GDPR, irrespective of its internal rules and practices. ICANN does not have a status under international law that would make is immune from complying with national laws. From: CPWG <cpwg-bounces@icann.org> On Behalf Of Roberto Gaetano Sent: Saturday, September 19, 2020 9:16 AM To: Michele Neylon - Blacknight <michele@blacknight.com> Cc: CPWG <cpwg@icann.org> Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission ICANN operates under the US jurisdiction and is therefore obliged to comply with US law. ICANN is also under a lot of pressure for taking actions that, although not bringing any result other than annoying a lot of non-US stakeholders, serve the purpose of projecting the image of US law governing outside its jurisdiction. The waiver thing is exactly this: European contracted parties have to sign a formal request - therefore formally recognising the “power” upon them of US law - while the reality is that it is Europe who is enforcing its law. This said, I am not sure that ICANN fully understands how taking positions that appear unreasonable for non-US stakeholders - in particular contracted parties - further challenges its international image. Cheers, Roberto On 19.09.2020, at 20:13, Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com> > wrote: Olivier They could choose not to grant a waiver, but there’s no way that they’ll be able to force a contracted party like ourselves to break our local law. So the waiver system is more like a way for them to note that registrar X won’t be complying Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains <https://www.blacknight.com/> https://www.blacknight.com/ <https://blacknight.blog/> https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: <https://michele.blog/> https://michele.blog/ Some thoughts: <https://ceo.hosting/> https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: Olivier Crepin-Leblond <ocl@gih.com <mailto:ocl@gih.com> > Date: Friday 18 September 2020 at 17:23 To: Michele Neylon <michele@blacknight.com <mailto:michele@blacknight.com> >, Lutz Donnerhacke <lutz@donnerhacke.de <mailto:lutz@donnerhacke.de> >, "cpwg@icann.org <mailto:cpwg@icann.org> " <cpwg@icann.org <mailto:cpwg@icann.org> > Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission Thanks for your follow-up Michele. So purely under contractual arrangements, in your case the Registrar Accreditation Agreement, which I guess is the one found at https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en the agreement mentions California enough times to be fair to assume that it follows the law of California - especially since dispute resolution in section 5.8 mentions the rules of the International Arbitration Rules of the American Arbitration Association ("AAA"). So of course ICANN cannot ask you to do something which is contrary to Irish Law, but we've seen that it has in the past, for example the Registrar Data Retention Program? You and I know that ICANN has a process for requesting a Waiver of Data Retention, outlined on https://www.icann.org/resources/pages/retention-2013-09-13-en But ultimately, isn't ICANN the final decider of whether it gives you that waiver or not, according to its rules outlined inhttps://www.icann.org/resources/pages/waiver-request-process-2013-09-13-en? They are not required to do so by US law, are they? Kindest regards, Olivier On 18/09/2020 17:04, Michele Neylon - Blacknight wrote: Olivier ICANN is a US entity. My company is an Irish entity. ICANN cannot force us to do anything that is not legal under Irish law. So choosing the jurisdiction is kind of meaningless Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains <https://www.blacknight.com/> https://www.blacknight.com/ <https://blacknight.blog/> https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: <https://michele.blog/> https://michele.blog/ Some thoughts: <https://ceo.hosting/> https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: CPWG <mailto:cpwg-bounces@icann.org> <cpwg-bounces@icann.org> on behalf of Olivier Crepin-Leblond <mailto:ocl@gih.com> <ocl@gih.com> Date: Thursday 17 September 2020 at 19:04 To: Lutz Donnerhacke <mailto:lutz@donnerhacke.de> <lutz@donnerhacke.de>, <mailto:cpwg@icann.org> "cpwg@icann.org" <mailto:cpwg@icann.org> <cpwg@icann.org> Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission On 17/09/2020 10:04, Lutz Donnerhacke wrote: The one strong point of a centralised system is that the centraliser can chose the jurisdiction. No, he can't. That's the whole point. So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction? Kindest regards, Olivier -- Olivier MJ Crépin-Leblond, PhD http://www.gih.com/ocl.html _______________________________________________ CPWG mailing list CPWG@icann.org <mailto:CPWG@icann.org> https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
![](https://secure.gravatar.com/avatar/dc702d3fb3a71bb523f9bc7ff190a676.jpg?s=120&d=mm&r=g)
Well, the whole point of the EU amendment to the then draft Articles of Incorporation (1998) was to ensure that ICANN would respect applicable local laws. Regarding Privacy, the relevant EU laws had been enacted long before GDPR (or EPDP or indeed the 'waivers' procedure.) CW
El 19 de septiembre de 2020 a las 21:46 "Seth M. Reiss" <seth.reiss@lex-ip.com> escribió:
Any US (or non-US non-EU) company that comes within the jurisdiction of Article 3(2) of the GDPR is obligated to comply with the GDPR, irrespective of its internal rules and practices. ICANN does not have a status under international law that would make is immune from complying with national laws.
From: CPWG <cpwg-bounces@icann.org> On Behalf Of Roberto Gaetano Sent: Saturday, September 19, 2020 9:16 AM To: Michele Neylon - Blacknight <michele@blacknight.com> Cc: CPWG <cpwg@icann.org> Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission
ICANN operates under the US jurisdiction and is therefore obliged to comply with US law.
ICANN is also under a lot of pressure for taking actions that, although not bringing any result other than annoying a lot of non-US stakeholders, serve the purpose of projecting the image of US law governing outside its jurisdiction.
The waiver thing is exactly this: European contracted parties have to sign a formal request - therefore formally recognising the “power” upon them of US law - while the reality is that it is Europe who is enforcing its law.
This said, I am not sure that ICANN fully understands how taking positions that appear unreasonable for non-US stakeholders - in particular contracted parties - further challenges its international image.
Cheers,
Roberto
> >
On 19.09.2020, at 20:13, Michele Neylon - Blacknight <michele@blacknight.com mailto:michele@blacknight.com > wrote:
Olivier
They could choose not to grant a waiver, but there’s no way that they’ll be able to force a contracted party like ourselves to break our local law. So the waiver system is more like a way for them to note that registrar X won’t be complying
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/ https://www.blacknight.com/
https://blacknight.blog/ https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/ https://michele.blog/
Some thoughts: https://ceo.hosting/ https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
From: Olivier Crepin-Leblond <ocl@gih.com mailto:ocl@gih.com > Date: Friday 18 September 2020 at 17:23 To: Michele Neylon <michele@blacknight.com mailto:michele@blacknight.com >, Lutz Donnerhacke <lutz@donnerhacke.de mailto:lutz@donnerhacke.de >, "cpwg@icann.org mailto:cpwg@icann.org " <cpwg@icann.org mailto:cpwg@icann.org > Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission
Thanks for your follow-up Michele.
So purely under contractual arrangements, in your case the Registrar Accreditation Agreement, which I guess is the one found at https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en the agreement mentions California enough times to be fair to assume that it follows the law of California - especially since dispute resolution in section 5.8 mentions the rules of the International Arbitration Rules of the American Arbitration Association ("AAA").
So of course ICANN cannot ask you to do something which is contrary to Irish Law, but we've seen that it has in the past, for example the Registrar Data Retention Program? You and I know that ICANN has a process for requesting a Waiver of Data Retention, outlined on https://www.icann.org/resources/pages/retention-2013-09-13-en But ultimately, isn't ICANN the final decider of whether it gives you that waiver or not, according to its rules outlined inhttps://www.icann.org/resources/pages/waiver-request-process-2013-09-13-en? They are not required to do so by US law, are they?
Kindest regards,
Olivier
On 18/09/2020 17:04, Michele Neylon - Blacknight wrote:
> > >
Olivier
ICANN is a US entity.
My company is an Irish entity.
ICANN cannot force us to do anything that is not legal under Irish law.
So choosing the jurisdiction is kind of meaningless
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/ https://www.blacknight.com/
https://blacknight.blog/ https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/ https://michele.blog/
Some thoughts: https://ceo.hosting/ https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
From: CPWG <cpwg-bounces@icann.org> mailto:cpwg-bounces@icann.org on behalf of Olivier Crepin-Leblond <ocl@gih.com> mailto:ocl@gih.com Date: Thursday 17 September 2020 at 19:04 To: Lutz Donnerhacke <lutz@donnerhacke.de> mailto:lutz@donnerhacke.de , "cpwg@icann.org" mailto:cpwg@icann.org <cpwg@icann.org> mailto:cpwg@icann.org Subject: Re: [CPWG] ICANN orgs responds to digital Services Act initiative Public Consultation launched by European Commission
On 17/09/2020 10:04, Lutz Donnerhacke wrote:
> > > >
> > > > >
The one strong point of a centralised system is that the centraliser can
chose the jurisdiction.
> > > >
No, he can't. That's the whole point.
> > >
So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction? Kindest regards,
Olivier
> >
--
Olivier MJ Crépin-Leblond, PhD
_______________________________________________ CPWG mailing list CPWG@icann.org mailto:CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
>
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
![](https://secure.gravatar.com/avatar/27cd8cc381692a51e2e17ee96505cf97.jpg?s=120&d=mm&r=g)
Von: CPWG <cpwg-bounces@icann.org> Im Auftrag von Olivier MJ Crépin-Leblond
On 17/09/2020 10:04, Lutz Donnerhacke wrote:
The one strong point of a centralised system is that the centraliser can chose the jurisdiction. No, he can't. That's the whole point. So if the centraliser was ICANN, you are saying that ICANN cannot choose to use US jurisdiction?
Please have a look at the hierarchy of contracts: 1) ICANN with Registry 2) Registry with Registrar 3) Registrar with Registrant (via optional chain of Resellers) GDPR (and other local law) applies to the contracts of the registrant only. Can you please explain, in which way the jurisdiction of ICANN plays any role here? An now back to the centralized whois model: ICANN insists, that registries run a centralized whois, hence require them to collect contractual data of step 3) into the jurisdiction of step 1). This should be done by require analogous requirements into the registrar contracts, but it's illegal to influence contracts between third parties in step 2). Based on those indirect contractual requirements, ICANN insists on analogous requirements in the reseller and registrant contracts (illegal, too). In consequence ICANN seeks to break the law two times in order to break local law in the jurisdiction of the registrant (by copying data outside of the jurisdiction) for no real reason. I already numbered the beneficiaries: Law breaking LEAs, Law breaking IP-law-companies, and marketing industry. If ICANN really want to keep a centralized whois, there is only one way to achieve this: Get rid of the registries, registrars, and resellers. Build an hierarchical reseller system using the same entities to ensure, that every registants domain contract is directly with ICANN. All the resellers on the way down only act as money collectors like in a pyramid scheme. Personally, I'd take the "ultra thin whois" approach and just publish the contractual relationships step by step under the appropriate local law. There is nothing to invent, as whois.iana.org does already operates in this mode.
participants (9)
-
Hadia Abdelsalam Mokhtar EL miniawi
-
John McCormac
-
Lutz Donnerhacke
-
mail@christopherwilkinson.eu CW
-
Michele Neylon - Blacknight
-
Olivier MJ Crépin-Leblond
-
Roberto Gaetano
-
Roberto Gaetano
-
Seth M. Reiss