Feb 5, 2020 - by Matt Serlin

EPDP Team Marches Toward Major Milestone

If it feels like the work of the latest group addressing registration data within ICANN has been going on forever, try participating in it! Since the summer of 2018, the team has been meeting regularly for several hours each week, participating in numerous face-to-face meetings and exchanging thousands of e-mails.

Last week in Los Angeles, the team got together once again to continue our Phase 2 work creating policy that will (among other issues) govern the disclosure of non-public registration data to third parties.

As a quick refresher, the majority of data previously available in Whois is now largely unavailable today due to ICANN’s response to myriad privacy regulations enacted around the world (primarily the European Union’s GDPR but others have also been put in place).

Phase 1 of the EPDP’s work focused mostly on foundational items which are now going through the implementation phase at ICANN. It should be in effect at some point during 2020. While this work was important, it won’t result in many visible changes to the landscape as it exists today.

Phase 2 work is also moving toward a milestone with the anticipated publication of an initial report in the next week. While not perfect, the group worked diligently to get to this point and is eager to get feedback from the community.

Within the report, the focus will undoubtedly be on the actual model for disclosure of non-public registration data. The group talked at length about both a centralized model (where requests and disclosure decisions are made by a central entity which is managed by ICANN or its designee) and a decentralized model (where requests and disclosure decisions are made by each individual contracted party).

Ultimately, the group settled on a hybrid model where requests are made centrally (through a system run by ICANN or its designee) and then routed to the appropriate contracted party who is responsible for the actual decision to disclose the data or not.

The benefits of this type of system are numerous and here are just a handful:

  • Requestors will only have to go to one single system to make requests as opposed to several thousand different registrar or registry operators.
  • As requests will flow through a central gateway, it will be able to ensure responses are provided and build in SLAs to which contracted parties will have to adhere.
  • It allows the contracted parties to make the disclosure decisions which is the most legally sound scenario as they directly collect and are responsible for the personal information of each registrant and have a relationship with the data subject.

This will only be an initial report, so our work is not yet complete. There remain many outstanding issues to resolve, but I am hopeful all sides will continue to work in good faith to complete our work and move this forward to conclusion. Publishing an initial report with a specific model proposed is a significant step forward.

I encourage all who have an interest in this subject to take some time to review the initial report when it is released and provide comments. The group will receive and consider your input as we continue the march toward a final report later in the year.

Tags: TAG1, TAG2, TAG3, TAG4


Matt Serlin

With a focus on security, service and support, Matt Serlin joined Brandsight in 2017 to lead all domain operations, including client services and domain name provisioning. Matt has over 15 years of direct domain name experience most recently with MarkMonitor where he was instrumental in building the industry’s first dedicated client services team, which has become the de facto standard for all corporate registrars.

Request a demo.

See for yourself the power of Brandsight.

Schedule a demo
Brandsight web application