Aug 21, 2018 - by Matt Serlin
Amazingly enough, summer is rapidly ending as kids head back to school, the temperatures in the mornings are just slightly cooler, and soon enough jeans and sweatshirts will be upon us. It also means that the important work on ICANN’s temporary specification regarding WHOIS relative to GDPR has already aged a few months.
The ICANN Board adopted the temporary specification in May 2018 and it became effective on the 25th of the month. As the name implies, it’s designed to be a temporary measure (in place for no more than a year) while the community works to create a formal policy.
Shortly after the June ICANN meeting in Panama City, the Expedited Policy Development Process (ePDP) to address WHOIS began. The ePDP group is comprised of 31 individuals representing various groups within the ICANN community including intellectual property interests, the governments who participate in ICANN, as well as the at-large users and contracted parties.
As a participant in the group representing the Registrar Stakeholder Group, I’ve got a front row seat to this first-of-its-kind process addressing a topic which has been front and center at ICANN since its inception.
The work group is responsible for three main deliverables:
To date, the group has conducted six calls and will carry on with at least two calls per week along with countless e-mail discussion threads. We have gotten through most of the initial review of the temporary specification and it’s clear to me that we have got our work cut out for us.
Every group participating in this effort is coming to the table with its specific view and historical experience with WHOIS and that is shaping the input provided. WHOIS has been one of the most contentious issues at ICANN for the better part of its history, so to think we could undertake this effort with ease would be naive.
While we all understand that compromise is going to be required on everyone’s part, I think what’s concerning to me is rather than looking at WHOIS specifically in light of GDPR (and what’s likely lawful under it) we are trying to simply fit what has existed historically into this new paradigm. Oh and by the way, it’s not just the European GDPR we should be concerned with as countries around the world look to enact similar privacy focused regulations.
I get it. Everyone is used to how things have historically been, and no one likes change, but if this group is going to be successful we have got to all be willing to take a fresh look and work together to get this across the finish line. In the creation of this policy, the goal really is for it to stand up against whatever privacy focused regulations may come our way in the future.
To say failure is not an option here would be an understatement. There really is no clear path forward if this group is unable to produce a final report with specific policy to replace the temporary specification when it expires in May of 2019. If that were to happen, it’s not a stretch to think it would call into question the overall ability of ICANN (and the community) to manage the global DNS. That’s not a scenario I want to see play out.
I remain hopeful that we will seize this opportunity and the community will ultimately be proud of what comes from this group. I am confident all involved share this sentiment and will work collectively to get us there.
With a focus on security, service and support, Matt Serlin joined Brandsight in 2017 to lead all domain operations, including client services and domain name provisioning. Matt has over 15 years of direct domain name experience most recently with MarkMonitor where he was instrumental in building the industry’s first dedicated client services team, which has become the de facto standard for all corporate registrars.