True.....but this time the reasoning on Tucows side is a little different.
The central issue surrounds the designation of the data controller. The EU Commissioners has baptised the registries and ICANN joint controllers. That position is the significant one. As I understand it the contention is - and quoting the WP29 here - "there is no fundamental change in the available legal grounds" for collecting and publishing WHOIS data. That is to say, we have longstanding issues of consent and lawful practice for legitimate collection and publication of WHOIS data in keeping with a public WHOIS. Here's the WP29 again, with my emphases:
" - since this consent is a requirement for obtaining a domain name, it is not freely given
and therefore would not be a valid legal basis for the publication of WHOIS-data;
- even though ICANN concludes contracts with registries which require them to publish
WHOIS directories, the individual domain name holders are not a party to these
contracts. Therefore, ICANN and the registries would not be able to rely on the
ground ‘necessary for the performance of a contract’;
- ICANN and the registries would also not be able to rely on a legitimate interest for
making available all personal data in WHOIS directories to the general public."
The mockup released is what emerges after Tucows assessed and responded to their risks within the [re]new[ed] framework. What has changed is the sure and significant monetary penalties associated with breaching the regs. Money - the prospect of losing it - tends to concentrate the mind wonderfully.
They figuring out just how to get out from under - or over - the joint controllership designation. And will likely throw ICANN under the bus if they are not indemnified.
-Carlton