PURPOSE 2 DISCUSSION

Some members of the ePDP have asserted that the formulation of Purpose 2 that has been endorsed by the Board, (Contributing to the maintenance of the security, stability, and resiliency of the Domain Name System in accordance with ICANN’s mission) is problematic because the definition of “security, stability, and resilience” (SSR) is overly broad and all encompassing.   This note is intended to provide additional detail on the concept of SSR in the context of ICANN and its processing of personal data as a controller under GDPR.

SSR, as defined in the Bylaws, is ICANN’s mission.  Article 1, Section 1.1 of the ICANN Bylaws, clearly states that ICANN’s  mission is to ensure the stable and secure operation (SSR) of the Internet's unique identifier systems.  The Bylaws themselves go on to provide significant detail regarding the scope of that mission in the context of names, the root server system, numbers, and protocols.

With respect to names, ICANN’s mission is to coordinate the allocation and assignment of names in the root zone of the DNS and the development and implementation of policies concerning the registration of second-level domain names in gTLDs. The Bylaws further specify that in this role, ICANN's scope is to coordinate the development and implementation of policies for which uniform or coordinated resolution is reasonably necessary to facilitate the openness, interoperability, resilience, security and/or stability of the DNS.  In other words, in the context of ICANN’s mission, SSR encompasses ICANN’s efforts to contribute to the openness, interoperability, resilience, security and/or stability of the DNS.

But ICANN’s scope is further constrained by the requirement that Consensus Policies must be developed through a bottom-up consensus-based multistakeholder process and designed to ensure the stable and secure operation of the Internet's unique names systems.

The Bylaws provide examples of the categories of issues that fall within ICANN’s SSR mission.  These include:

•  issues for which uniform or coordinated resolution is reasonably necessary to facilitate interoperability, security and/or stability of the Internet, registrar services, registry services, or the DNS
• functional and performance specifications for the provision of registrar or registry services
• policies reasonably necessary to implement Consensus Policies relating to a gTLD registry or registar
• resolution of disputes regarding the registration of domain names (as opposed to the use of such domain names, but including where such policies take into account use of the domain names); or
• restrictions on cross-ownership of registry operators and registrars or resellers and regulations and restrictions with respect to registrar and registry operations and the use of registry and registrar data in the event that a registry operator and a registrar or reseller are affiliated.

The Bylaws further provide examples of issues that would fall within those categories, including:

•  principles for allocation of registered names in a TLD (e.g., first-come/first-served, timely renewal, holding period after expiration)
• prohibitions on warehousing of or speculation in domain names by registries or registrars
•  reservation of registered names in a TLD that may not be registered initially or that may not be renewed due to reasons reasonably related to (i) avoidance of confusion among or misleading of users, (ii) intellectual property, or (iii) the technical management of the DNS or the Internet (e.g., establishment of reservations of names from registration)
• security and stability of the registry database for a TLD
• maintenance of and access to accurate and up-to-date information concerning registered names and name servers;
• procedures to avoid disruptions of domain name registrations due to suspension or termination of operations by a registry operator or a registrar, including procedures for allocation of responsibility among continuing registrars of the registered names sponsored in a TLD by a registrar losing accreditation; and
• the transfer of registration data upon a change in registrar sponsoring one or more registered names.

With respect to the DNS root name server system, ICANN’s SSR mission encompasses coordination of the operation and evolution of the DNS root name server system.

With respect to numbers, ICANN’s SSR mission is to coordinate the allocation and assignment at the top-most level of Internet Protocol numbers and Autonomous System numbers.

With respect to internet protocol standards, ICANN’s SSR mission involves the provision of  registration services and open access for registries in the public domain requested by Internet protocol development organizations.  

Taken together, these provisions of the ICANN Bylaws articulate with specificity the scope of ICANN’s SSR mission and by definition limit ICANN’s authority to process personal data in pursuit of that mission. Access to accurate and up-to-date registrant data is necessary for ICANN to achieve its mission.  ICANN may need to process such information in order, for example, to:

•  Inform and support consensus policy development, implementation, and enforcement;
•  Conduct research in order to identify and address, in accordance with its Bylaws, new, emerging, and evolving SSR issues within its remit; 
• Respond to and coordinate responses to SSR threats within its remit;
• Enable the work of its Supporting Organizations, Advisory Committees, and standards development bodies with respect to SSR issues within ICANN’s remit;
• Study emerging technologies and national/multi-national policy initiatives in order to educate the ICANN community as well as innovators and policy makers about the impact of such technologies and/or proposals on DNS SSR. 

While it is impossible to specify all of the circumstances in which ICANN may need to process personal registrant data in furtherance of its SSR mission, its processing of personal data in furtherance of its SSR Mission is further constrained in two ways.  First, the Bylaws expressly prohibit ICANN from acting outside its mission.  Second, ICANN’s processing of personal data contained in registrant records is constrained by applicable data protection law.  Like every user of registrant data, ICANN is required to limit its processing of personal data in accordance with fair information practice principles of transparency and lawfulness, purpose specification and limitation, accuracy, data minimization, storage limitation, and data security.  It may process personal data subject to GDPR and similar legislation only with the consent of the data subject or as necessary in pursuit of its legitimate interest in DNS SSR and in proportion to the interests and fundamental rights and freedoms of the data subject. 

Given the rapidly evolving nature of the DNS technology as well as SSR threats, the Board believes that the formulation of Purpose 2 above (Contributing to the maintenance of the security, stability, and resiliency of the Domain Name System in accordance with ICANN’s mission) is both necessary and appropriate.