GDPR – ICANN has approved the “Temporary Specification for gTLD Registration Data” in an attempt to ensure WHOIS compliance with the GDPR by 25 May.
What is the GDPR?
The GDPR is a new set of regulations aimed at protecting EU citizens from privacy and data breaches. It was approved by the EU Parliament in April 2016 and comes into effect on 25 May 2018.
You can read more about the GDPR here.
ICANN’s Temporary Specification for gTLD Registration Data
The Temporary Specification is designed to establish temporary requirements to allow ICANN and gTLD registry operators and registrars to continue to comply with existing ICANN contractual requirements and community-developed policies, as well as the GDPR.
As ICANN notes, “the WHOIS system is critical to the stability and security of the Internet” and the Temporary Specification aims to ensure that the WHOIS system remains available to the greatest extent possible.
Under the Temporary Specification, access to data in the WHOIS system will be restricted in a layered/tiered structure where only users with legitimate purposes can request access to non-public data through registrars and registry operators. Until a unified access model is implemented, registries and registrars will be required to determine which requests are permissible under the law. ICANN’s contracted parties will also need to apply the model outlined in the Temporary Specification when processing personal data linked to the European Economic Area.
The Board of ICANN voted unanimously to approve the Temporary Specification on 17 May 2018, only 8 days before the GDPR comes into operation. The Board will be required to reaffirm its temporary adoption every 90 days, for up to a year.
You can read more about the Temporary Specification here.