Impact of GDPR on URS (and later UDRP)
Hi folks, With the WHOIS changes that are apparently coming due to GDPR, e.g. see: https://opensrs.com/blog/2017/11/gdpr-updates-whois-changes/ https://opensrs.com/wp-content/uploads/gdpr_ind.pdf this will likely require that we review the impact on URS (and later UDRP) procedures that provide notice to registrants, as well as other technical aspects. e.g. the URS contains lines like: "1.2 Contents of the Complaint: .... 1.2.3 Name of Registrant (i.e. relevant information available from Whois) and Whois listed available contact information for the relevant domain name(s)." This information will no longer be public for a class of registrants (depending on the implementation by registrars). It's different from "Proxy" WHOIS, where there is a *public* contact point (who can then change it to the true underlying registrant) If there's no other group looking at this issue, it would appear that it would fall to us to make any relevant technical changes to the URS (and UDRP) *before* our final report, to meet the GDPR deadline. Otherwise, in a post GDPR setting, the existing policies might lead to problems for all parties (complainant, registrar, registrant, registry, providers, etc.). Perhaps as a starting point, we should canvass the URS (and UDRP?) providers for their GDPR implementation plans? Sincerely, George Kirikos 416-588-0269 http://www.leap.com/
Hi folks, Just to followup on this GDPR topic that I brought up in December, see the blog post published by ICANN yesterday: https://www.icann.org/news/blog/data-protection-and-privacy-update-seeking-c... in particular "Model 3": "Model 3 would allow for the display of Thin registration data and any other non-personal registration data. To access non-public information, a requestor would provide a subpoena or other order from a court or other judicial tribunal of competent jurisdiction. This model would apply to ***all registrations on a global basis.***" (emphasis added) Model 3 is also discussed at the bottom of page 8: https://www.icann.org/en/system/files/files/interim-models-gdpr-compliance-1... It seems to me that changes to the URS and UDRP procedures might be required, should Model 3 be adopted (I didn't bother to look at Models 1 and 2 in detail yet, but presumably there might be similar concerns). ICANN is allowing feedback for 17 days (!!), with a deadline of January 29, 2017. Since that post was yesterday, that means there are 16 days left to submit feedback. Sincerely, George Kirikos 416-588-0269 http://www.leap.com/ On Tue, Dec 5, 2017 at 11:56 AM, George Kirikos <icann@leap.com> wrote:
Hi folks,
With the WHOIS changes that are apparently coming due to GDPR, e.g. see:
https://opensrs.com/blog/2017/11/gdpr-updates-whois-changes/ https://opensrs.com/wp-content/uploads/gdpr_ind.pdf
this will likely require that we review the impact on URS (and later UDRP) procedures that provide notice to registrants, as well as other technical aspects. e.g. the URS contains lines like:
"1.2 Contents of the Complaint: .... 1.2.3 Name of Registrant (i.e. relevant information available from Whois) and Whois listed available contact information for the relevant domain name(s)."
This information will no longer be public for a class of registrants (depending on the implementation by registrars). It's different from "Proxy" WHOIS, where there is a *public* contact point (who can then change it to the true underlying registrant)
If there's no other group looking at this issue, it would appear that it would fall to us to make any relevant technical changes to the URS (and UDRP) *before* our final report, to meet the GDPR deadline. Otherwise, in a post GDPR setting, the existing policies might lead to problems for all parties (complainant, registrar, registrant, registry, providers, etc.).
Perhaps as a starting point, we should canvass the URS (and UDRP?) providers for their GDPR implementation plans?
Sincerely,
George Kirikos 416-588-0269 http://www.leap.com/
Hi again, On Sat, Jan 13, 2018 at 10:53 AM, George Kirikos <icann@leap.com> wrote:
ICANN is allowing feedback for 17 days (!!), with a deadline of January 29, 2017. Since that post was yesterday, that means there are 16 days left to submit feedback.
Oops, I meant January 29, 2018 (not 2017). ICANN doesn't limit feedback only to Marty McFly and other time-machine owners, yet.... ;-) Sincerely, George Kirikos 416-588-0269 http://www.leap.com/
participants (1)
-
George Kirikos