ICANN chief tells industry to lawyer up as privacy law looms

Kevin Murphy, November 10, 2017, Domain Services

The domain name industry should not rely on ICANN to protect it from incoming EU privacy law.

That’s the strong message that came out of ICANN 60 in Abu Dhabi last week, with the organization’s CEO repeatedly advising companies to seek their own legal advice on compliance with the General Data Protection Regulation.

The organization also said that it will “defer taking action” against any registrar or registry that does not live up to its contractual Whois commitments, within certain limits.

“GDPR is a law. I didn’t come up with it, it didn’t come from ICANN policy, it’s the law,” Marby said during ICANN 60 in Abu Dhabi last week.

“This is the first time we’ve seen any legislation that has a direct impact on our ability to make policies,” he said.

GDPR is the EU law governing how companies treat the private information of individuals. While in force now, from May next year companies in any industry found in breach of GDPR could face millions of euros in fines.

For the domain industry, it is expected to force potentially big changes on the current Whois system. The days of all Whois contact information published freely for all to see may well be numbered.

But nobody — not even ICANN — yet knows precisely how registries and registrars are going to be able to comply with the law whilst still publishing Whois data as required by their ICANN contracts.

The latest official line from ICANN is:

At this point, we know that the GDPR will have an impact on open, publicly available WHOIS. We have no indication that abandoning existing WHOIS requirements is necessary to comply with the GDPR, but we don’t know the extent to which personal domain registration data of residents of the European Union should continue to be publicly available.

Marby told ICANNers last week that it might not be definitively known how the law applies until some EU case law has been established in the highest European courts, which could take years.

A GNSO working group and ICANN org have both commissioned legal studies by European law experts. The ICANN one, by Swedish law firm Hamilton, is rather more comprehensive and can be read here (pdf).

Even after this report, Marby said ICANN is still in “discovery” mode.

Marby encouraged the industry to not only submit their questions to ICANN, to be referred on to Hamilton for follow-up studies, but also to share whatever legal advice they have been given and are able to share.

He and others pointed out that Whois is not the only point of friction with GDPR — it’s a privacy law, not a Whois law — so registries and registrars should be studying all of their personal data collection processes for potential conflicts.

Because there is very likely going to be a clash between GDPR compliance and ICANN contract compliance, ICANN has suspended all enforcement actions against Whois violations, within certain parameters.

It said last week that: “ICANN Contractual Compliance will defer taking action against any registry or registrar for noncompliance with contractual obligations related to the handling of registration data.”

This is not ICANN saying that registries and registrars can abandon Whois altogether, the statement stresses, but they might be able to adjust their data-handling models.

Domain firms will have to show “a reasonable accommodation of existing contractual obligations and the GDPR” and will have to submit their models to ICANN for review by Hamilton.

ICANN also stressed that registries may have to undergo a Registry Services Evaluation Process review before they can deploy their new model.

The organization has already told two Dutch new gTLD registries that they must submit to an RSEP, after .amsterdam and .frl abruptly stopped publishing Whois data for private registrants recently.

General counsel John Jeffrey wrote to the registries’ lawyer (pdf) to state that an RSEP is required regardless of whether the “new registry service” was introduced to comply with local law.

“One of the underlying purposes of this policy is to ensure that a new registry service does not create any security, stability or competition concerns,” he wrote.

Jeffrey said that while Whois privacy was offered at the registry level, registrars were still publishing full contact details for the same registrants.

ICANN said last week that more detailed guidance advising registries and registrars how to avoid breach notices will be published “shortly”.

.wine no longer blocked after EU drops complaint

Kevin Murphy, June 11, 2015, Domain Policy

Donuts and ICANN are currently in the process of signing new gTLD agreements for .wine and .vin, after the European Union and wine sellers dropped objections.

As of today, both gTLDs are “In Contracting” rather than “On Hold”, according to ICANN’s web site.

ICANN revealed earlier this week that the European Union and various wine trade associations have both dropped their Cooperative Engagement Process complaints.

CEP is a less formal precursor to a much more expensive and lawyer-hungry Independent Review Process complaint.

With the CEPs out of the way, Donuts is now free to sign its contracts.

Donuts won the auction for .wine back in November, but its application was frozen due to ongoing arguments about the protection of “geographic indicators” representing wine-making regions.

Governments, particularly in Europe and Latin America, had protested that .wine and .vin should not be allowed to launch until areas such as Rioja and Champagne were given special privileges.

Last October, ICANN CEO Fadi Chehade told the French government that it was negotiating with applicants to get these protections included in the contracts.

Either Donuts has agreed to such protections, or the EU and wine-makers have gotten bored of complaining.

My feeling is the former is probably more likely, which may be controversial in itself.

There is no international agreement on GI protection — the US and Australia opposed the EU’s position on .wine — so this may be seen as a case of ICANN creating new rights where none previously existed.

EU IDN not banned after all

Kevin Murphy, October 20, 2014, Domain Policy

The European Union request for the Greek-script ccTLD .ευ has not been thrown out, according to ICANN.

Last week DI reported that .ευ was the only one of three IDN ccTLD requests — the other two being Bulgaria’s .бг and Greece’s .ελ — to fail a test for confusing similarity on appeal.

.ευ was found to be confusingly similar to .EY and .EU, but only when in upper case.

The similarity panel’s decision would mean, I reported, that .бг and .ελ would be delegated but .ευ would not, under ICANN rules.

I wondered aloud what the Governmental Advisory Committee would think about that, given that it had lobbied for the creation of the appeals process in order to get an earlier rejection of .ευ overturned.

Shortly after publishing the article, ICANN reached out to say I was wrong and ask for a correction.

“We (ICANN) have not rejected the .ευ application,” a spokesperson said.

“Due to the unprecedented nature of the split results, the issue needs to be discussed at the senior management and Board level before a final decision is made,” he said.

The “split results” refers to the fact that there was found to be no confusing similarity with .ευ in lower case.

However, the ICANN rule I referred to says (with my emphasis):

The rule is that if the appearance of the selected string, in upper or lower case, in common fonts in small sizes at typical screen resolutions, is sufficiently close to one or more other strings, it is probable that a reasonable Internet user who is unfamiliar with the script perceives the strings to be the same or confuses one for the other.

That’s adapted almost verbatim from the original recommendations of the ccNSO. The only addition ICANN made was to add the clearly important clause “in upper or lower case” to the text.

It seemed pretty straightforward to me — confusing similarity exists regardless of case.

I pointed this out to ICANN last Wednesday and asked where I could find the rule that said the ICANN board or staff get to review a “split results” finding but have yet to receive a reply.

.wine is a go

Kevin Murphy, March 26, 2014, Domain Policy

ICANN has approved the new gTLDs .wine and .vin, despite objections from the European Union.

In a resolution this weekend, published today, its board’s New gTLD Program Committee said “that the applications for .WINE and .VIN should proceed through the normal evaluation process.”

The resolution acknowledges the Governmental Advisory Committee’s lack of consensus against the two wine-related gTLDs, but not the EU’s view that geographic indicators such as “Champagne” should be protected.

European nations thought both gTLDs should be put on hold until the applicants agreed to these special protections, but the US, Australia and other nations disagreed.

ICANN sought the legal opinion (pdf) of a French law professor in its decision-making.

The EU is going to be pretty angry about this, but in the absence of a consensus objection from the GAC against the strings, it appears that the NGPC has made the right call in this case.

.eu names to be sold outside the EU

Kevin Murphy, December 4, 2013, Domain Registries

EURid is to expand sales of .eu domains to three countries outside the European Union from January 8.

Companies and individuals from Iceland, Liechtenstein and Norway will get to register .eu names, due to a rule change at the registry.

The three countries are members of the European Economic Area, which enjoys many of the trade benefits of the Union but without full EU membership.

EURid said that the 2002 European Parliament regulation that created .eu always envisaged the eventual expansion of the ccTLD to the EEA.

The change expands the registry’s addressable market by fewer than 5.4 million people, five million of whom are Norwegian.