Aug 21, 2018 - by Staff Writer
ICANN’s ePDP – An Insider’s Perspective
Amazingly enough, summer is rapidly ending as kids head back to school, the temperatures in the mornings are just slightly cooler, and soon enough jeans and sweatshirts will be upon us. It also means that the important work on ICANN’s temporary specification regarding WHOIS relative to GDPR has already aged a few months.
The ICANN Board adopted the temporary specification in May 2018 and it became effective on the 25th of the month. As the name implies, it’s designed to be a temporary measure (in place for no more than a year) while the community works to create a formal policy.
Shortly after the June ICANN meeting in Panama City, the Expedited Policy Development Process (ePDP) to address WHOIS began. The ePDP group is comprised of 31 individuals representing various groups within the ICANN community including intellectual property interests, the governments who participate in ICANN, as well as the at-large users and contracted parties.
As a participant in the group representing the Registrar Stakeholder Group, I’ve got a front row seat to this first-of-its-kind process addressing a topic which has been front and center at ICANN since its inception.
The work group is responsible for three main deliverables:
- To start, the group is working to create a triage document to identify where there is consensus on the language within the temporary specification. Each group has been providing input by way of surveys which ask for feedback on specific language to identify where there is agreement or disagreement. We are currently in the process of this now and a draft triage report has already been created. It’s been good to get a view into where each group stands on every point within the temporary specification.
- Next, the group will prepare an initial report (and then a final report after public comments have been received) which documents items that have reached full consensus in the aforementioned triage report. The timeline for this initial report is shortly after the ICANN meeting in Barcelona in October, and this final report is expected in January or February of next year.
- The final deliverable will be a report detailing a proposed model for providing accredited access to non-public registration data. The temporary specification calls for registrars and registries to provide “reasonable access” to non-public WHOIS data, but there are no specific details around that requirement. It is very clearly something which needs to be expanded upon. There is no proposed timeline for this phase of the working group yet, but there are a number of “gating questions” which need to be addressed before work on this can commence.
To date, the group has conducted six calls and will carry on with at least two calls per week along with countless e-mail discussion threads. We have gotten through most of the initial review of the temporary specification and it’s clear to me that we have got our work cut out for us.
Every group participating in this effort is coming to the table with its specific view and historical experience with WHOIS and that is shaping the input provided. WHOIS has been one of the most contentious issues at ICANN for the better part of its history, so to think we could undertake this effort with ease would be naive.
While we all understand that compromise is going to be required on everyone’s part, I think what’s concerning to me is rather than looking at WHOIS specifically in light of GDPR (and what’s likely lawful under it) we are trying to simply fit what has existed historically into this new paradigm. Oh and by the way, it’s not just the European GDPR we should be concerned with as countries around the world look to enact similar privacy focused regulations.
I get it. Everyone is used to how things have historically been, and no one likes change, but if this group is going to be successful we have got to all be willing to take a fresh look and work together to get this across the finish line. In the creation of this policy, the goal really is for it to stand up against whatever privacy focused regulations may come our way in the future.
To say failure is not an option here would be an understatement. There really is no clear path forward if this group is unable to produce a final report with specific policy to replace the temporary specification when it expires in May of 2019. If that were to happen, it’s not a stretch to think it would call into question the overall ability of ICANN (and the community) to manage the global DNS. That’s not a scenario I want to see play out.
I remain hopeful that we will seize this opportunity and the community will ultimately be proud of what comes from this group. I am confident all involved share this sentiment and will work collectively to get us there.
