Latest news of the domain name industry

Recent Posts

ICANN denies Whois policy “failure” as Marby issues EU warning

Kevin Murphy, October 19, 2020, Domain Policy

ICANN directors have denied that recently delivered Whois policy recommendations represent a “failure” of the multistakeholder model.

You’ll recall that the GNSO Council last month approved a set of controversial recommendations, put forward by the community’s EPDP working group, to create a semi-centralized system for requesting access to private Whois data called SSAD.

The proposed policy still has to be ratified by the ICANN board of directors, but it’s not on the agenda for this week’s work-from-home ICANN 69 conference.

That has not stopped there being some robust discussion, of course, with the board talking for hours about the recommendations with its various stakeholder groups.

The EPDP’s policy has been criticized not only for failing to address the needs of law enforcement and intellectual property owners, but also as a failure of the multistakeholder model itself.

One of the sharpest public criticisms came in a CircleID article by Fabricio Vayra, IP lawyer are Perkins Coie, who tore into ICANN last month for defending a system that he says will be worse than the status quo.

But ICANN director Becky Burr told registries and registrars at a joint ICANN 69 session last week: “We don’t think that the EPDP represents a failure of the multistakeholder model, we actually think it’s a success.”

“The limits on what could be done in terms of policy development were established by law, by GDPR and other data protection laws in particular,” she added.

In other words, it’s not possible for an ICANN working group to create policy that supersedes the law, and the EPDP did what it could with what it was given.

ICANN CEO Göran Marby doubled down, not only agreeing with Burr but passing blame to EU bureaucrats who so far have failed to give a straight answer on important liability issues related to the GDPR privacy regulation.

“I think the EPDP came as far as it could,” he said during the same session. “Some of the people now criticizing it are rightly disappointed, but their disappointment is channeled in the wrong direction.”

He then referred to his recent outreach to three European Commission heads, in which he pleaded for clarity on whether a more centralized Whois model, with more liability shifted away from registrars to ICANN, would be legal.

A failure to provide such clarity would be to acknowledge that the EPDP’s policy proposals are all just fine and dandy, despite what law enforcement and some governments believe, he suggested.

“If the European Union, the European Commission, member states in Europe, or the data protection authorities don’t want to do anything, they’re happy with the situation,” he told registrars and registries.

“If they don’t take actions now, or answer our questions, they’re happy with the way people or organizations get access to the Whois data… it seems that if they don’t change or do anything, they’re happy, and then were are where we are,” he said.

He reiterated similar thoughts at sessions with other stakeholders last week.

But he faced some pushback from members of the pro-privacy Non-Commercial Stakeholders Group, particularly during an entertaing exchange with EPDP member Milton Mueller, who’s unhappy with how Marby has been characterizing the group’s output to the EU.

He specifically unhappy with Marby telling the commissioners: “Should the ICANN Board approve the SSAD recommendations and direct ICANN org to implement it, the community has recommended that the SSAD should become more centralized in response to increased legal clarity.”

Mueller reckons this has no basis in what the EPDP recommended and the GNSO Council approved. It is what the IP interests and governments want, however.

In response, Marby talked around the issue and seemed to characterize it as a matter of interpretation, adding that he’s only trying to provide the ICANN community with the legal clarity it needs to make decisions.

These eight companies account for more than half of ICANN’s revenue

Kevin Murphy, October 19, 2020, Domain Policy

While 3,207 companies contributed to ICANN’s $141 million of revenue in its last fiscal year, just eight of them were responsible for more than half of it, according to figures just released by ICANN.

The first two entries on the list will come as no surprise to anyone — they’re .com money-mill Verisign and runaway registrar market-leader GoDaddy, together accounting for more than $56 million of revenue.

Registries and registrars pay ICANN a mixture of fixed fees and transaction fees, so the greater the number of adds, renews and transfers, the more money gets funneled into ICANN’s coffers.

It’s perhaps interesting that this top-contributors list sees a few companies that are paying far more in fixed, per-gTLD fees than they are in transaction fees.

Binky Moon, the vehicle that holds 197 of Donuts’ 242 gTLD contracts, is the third-largest contributor at $5.2 million. But $4.9 million of that comes from the annual $25,000 fixed registry fee.

Only 14 of Binky’s gTLDs pass the 50,000-name threshold where transaction fees kick in.

It’s pretty much the same story at Google Registry, formally known as Charleston Road Registry.

Google has 46 gTLDs, so is paying about $1.1 million a year in fixed fees, but only three of them have enough regs (combined, about one million names) to pass the transaction fees threshold. Google’s total funding was almost $1.4 million.

Not quite on the list is Amazon, which has 55 mostly unlaunched gTLDs and almost zero registrations. It paid ICANN $1.3 million last year, just to sit on its portfolio of dormant strings.

The second and third-largest registrars, Namecheap and Tucows respectively, each paid about $1.7 million last year.

The only essentially single-TLD company on the list is Public Interest Registry, which runs .org. Despite having 10 million domains under management, it paid ICANN less than half of Binky’s total last year.

The anomaly, which may be temporary, is ShortDot, the company that runs .icu, .cyou and .bond. It paid ICANN $1.6 million, which would have been almost all transaction fees for .icu, which peaked at about 6.5 million names earlier this year.

Here’s the list:

VeriSign, Inc.$45,565,544
GoDaddy.com, LLC$10,678,376
Binky Moon, LLC$5,231,898
Public Interest Registry$2,515,416
NameCheap, Inc.$1,755,932
Tucows Domains Inc.$1,747,648
ShortDot SA$1,643,103
Charleston Road Registry Inc.$1,385,356

Combined, the total is over $70.5 million.

The full spreadsheet of all 3,000+ contributors can be found over here.

Lockdown bump was worth $600,000 to ICANN, but end of Club Med saves 10x as much

Kevin Murphy, October 19, 2020, Domain Policy

The coronavirus pandemic lockdowns and the resulting bump in domain name sales caused ICANN’s revenue to come out $600,000 ahead of expectations, up 4%, the org disclosed last week.

But ICANN saved almost 10 times as much by shifting two of its fiscal year 2020 public meetings to an online-only format, due to travel and gathering restrictions.

The organization’s FY20 revenue was $141 million, up by $5 million on FY19, against a rounded projection of $140 million. ICANN’s financial years end June 30.

ICANN said it is “uncertain if these market trends will continue”.

Back in April, the organization lowered its revenue forecast for FY21 by 8%, or $11 million.

Expenses were down $11.1 million at $126 million, 8% lower that expectations and $4 million lower than the 2019 number.

That was mostly due to a $6.2 million saving from having two public meetings online-only.

ICANN typically spends $2 million per meeting funding over 500 travelers, both ICANN staff and community members, but that was down to almost nothing for the first two meetings of this year.

Pre-pandemic, ICANN expected these meetings, slated for Cancun and Kuala Lumpur, to cost $4.2 million and $3.4 million respectively, but the switch to Zoom brought them in at $1.4 million and $0.4 million.

ICANN would have occurred some pre-meeting travel expenses for the Cancun gathering, which was cancelled at the last minute, as well as cancellation fees on flights and hotels.

The org has previously stated that the switch away from face-to-face meetings could save as much as $8 million this calendar year.

The rest of the savings ICANN chalked down to lower-than-expected personnel costs, with hiring slowing during the pandemic.

Incidentally, if you’re wondering about the headline above, it’s a reference to a notorious 2009 WSJ article, and outrage about ICANN’s then $12 million travel budget.

Eleven years later, the FY20 travel budget was $15.7 million.

Something weird’s going on at .sucks

Kevin Murphy, October 14, 2020, Domain Registries

Ever heard of a domainer or cybersquatter putting their freshly-registered domains up for sale at cost?

Me neither, but that’s what seems to be going on at .sucks right now.

The sudden appearance of many hundreds of .sucks domains — many of them matching very famous trademarks — at Sedo and Uniregistry comes as the registry unveils plans to open up a secondary marketplace of its own.

.sucks registry Vox Populi, a part of the Momentous group of companies, wants to open its own marketplace, according to a letter it recently sent to ICANN.

The registry told ICANN it plans to launch a service “whereby a Registrant of a .sucks domain name can list their domain for resale with the Registry”, saying it will “allow our Registrars to show the domain as available for purchase by third parties at the price set by the current Registrant.”

It’s taking a somewhat confrontational approach from the outset, telling ICANN that it does not believe the service would constitute a “registry service” that would require ICANN’s approval under the Registry Service Evaluation Process.

It points to the fact that registrants can already list their .sucks names on existing marketplaces such as Sedo as proof that it’s not a “product or service that only a registry operator is capable of providing, by reason of its designation as the registry operator” requiring the RSEP.

This interpretation strikes me as open to debate, but I’m not going to get into that here.

What’s more interesting is that the vast majority of the domains listed on these competing platforms appear to have been registered relatively recently, in bulk, all via Momentous-owned registrar Rebel, and quite possibly by the same registrant.

What’s weird is that the majority of the .sucks names listed at Sedo have a buy-now price of $199. Some are priced higher. Some priced at $199 at Sedo are priced at $599 at Uniregistry.

$199 is the absolute cheapest you can buy a .sucks domain name anywhere. It’s Rebel’s retail price, and I believe it’s also Vox Pop’s wholesale price. Even the cheapest unaffiliated registrars slap a $50 markup on the registry fee.

The domains started being listed on the aftermarkets after a sharp spike in .sucks sales back in June, where my data shows that over 2,000 names were registered, via Rebel, in the space of about 24 hours.

The .sucks zone file has been growing ever since, swelling from 7,347 — where volume had been flattish and under 8,000 names for years — to 11,255 since June 16, the date of the first spike.

Almost every .sucks listing I spot-checked on Sedo has three things in common: the $199 price-tag, a recent registration date, and a seller who signed up for the service in 2020 submitting their home territory as Turks and Caicos.

Turks and Caicos, which is also where Rebel is legally based, is a British island territory in the Caribbean with fewer than 38,000 inhabitants. It’s often used for offshore company registrations.

Whois records for the domains I checked with June reg dates use Momentous privacy service Privacy Hero, while other more-recent regs list the registrant as Honey Salt Ltd, a company apparently also based in Turks and Caicos.

So what we seem to have here is a registrant willing to invest half a million dollars or more in .sucks domain names, a great many matching famous brands, and then list them for resale at the exact same price he paid for them.

Why would a cybersquatter pay $199 for jackdaniels.sucks or dolceandgabbana.sucks or unitedinternetmedia.sucks and then put them up for sale for $199? It makes no sense to me.

And it comes at a time when Vox Pop is trying to persuade ICANN that there’s a thriving aftermarket for .sucks domains.

I put all these observations to the CEOs of Momentous and the registry earlier today, and Vox Pop chief John Berard got back to us to say:

With regard to those 2,000 registered names, that was most welcome. I don’t know much more than that about Honey Salt… I am certainly not going to speculate on their plans.

That they are in the Turks and Caicos is interesting, for sure. But you know as well as I that the Caribbean is a hotbed of domain name innovation and investment.

He later added: “Yes, take it to the bank that VPR [Vox Populi Registry] is not behind the registrations.”

On the issue of the registry’s own secondary market plans, Berard said:

we are trying to catch up to others in the domain name industry who first saw the customer value of fostering a secondary market. I think we may be the first registry to do it, but we, i am sorry to say, weren’t the first to market.

If I receive more information or commentary on this weirdness I shall provide updates accordingly.

Forty weddings and a funeral? .wed is dead but may come up for auction

Kevin Murphy, October 12, 2020, Domain Registries

.wed has become the first commercial, open, non-branded new gTLD to have its registry contract unilaterally terminated by ICANN, and it could soon be looking for a new home.

ICANN terminated the contract with US-based Atgron last week, almost three years after imposing emergency measures to protect registrants after the company’s business model failed miserably.

The company wanted to provide a space for engaged couples to promote their weddings for about $50 a year, but its business model was based around basically forcing registrants to abandon their names by charging a $30,000 renewal fee after year two.

Unsurprisingly, it attracted few registrants — about 300 at its 2016 peak — and only one registrar.

By the time the end of 2017 rolled around, it was languishing at 39 domains (for the purposes of a whimsical headline, let’s round it up to 40) and its agreement with its back-end registry operator was on the verge of expiring.

In the hope of keeping its customers’ domains working, Atgron turned off its Whois for a week, attracting the attention of ICANN and triggering a criterion for transitioning to an Emergency Back-End Registry Operator.

It’s been on an EBERO, in this case Nominet, since December 2017, with all domains essentially frozen.

In the meanwhile, it’s been fighting against contract termination with ICANN, first in mediation and then in arbitration.

Last month, the arbitrator ruled that Atgron was in breach for failure to pay its ICANN fees, and ICANN terminated the registry agreement October 5.

.wed is certainly not the first new gTLD to get terminated by ICANN — there’s been about a dozen to date — but it is the first to be a non-dot-brand.

This means ICANN will get to test its Registry Transition Process for the first time.

When a dot-brand dies, ICANN just removes it from the root and lets it stay dead on the grounds that there’s no plausible successor and no registrants will suffer.

In this case, we’re talking about an open, non-branded gTLD with a generic string that could potentially rack up many thousands of registrations.

There’d be no obligation for a future operator to take on the silly business model.

The Registry Transition Process will go one of two ways.

If Atgron has already picked a successor registry, ICANN will conduct a series of evaluations that look like they would be a piece of cake for any existing gTLD portfolio owner to pass.

But if Atgron has no heir apparent, it goes to an RFP which basically amounts to an auction, with the company prepared to pay Atgron the most money becoming the company’s presumed preferred successor.

With Atgron still owing ICANN money — presumably hundreds of thousands of dollars — in past-due fees, I’ve little doubt what ICANN’s preferred outcome would be.

For Atgron, there’s the distinct possibility that it could make more money from crashing .wed into the ground than it ever did by actually selling domains.

.wed is not a bad string — it’s short, meaningful, and has a niche of potential registrants already forced to overpay for almost everything else — and I’m fairly confident it could easily find a new home at an existing registry.

Holy Scheisse! Did you know ICANN 69 starts TOMORROW?

Kevin Murphy, October 12, 2020, Domain Policy

ICANN is starting its ICANN 69 public annual general meeting four days earlier than originally planned, and it appears to have only publicly announced the date change 24 hours in advance.

How’s that for transparency?

Usually, ICANN AGMs kick off formally on the Monday morning and run through the Thursday afternoon, but meetings between community groups start taking place the previous Friday, leading to a seven-day continuous meeting.

For ICANN 69, originally planned for Hamburg but now of course an online-only experience, ICANN has removed the Friday and weekend sessions and split the week in two.

There’ll be three “Community Days” from October 13 (which is tomorrow when I’m posting this but possibly today by the time you read it), three days off, and then four days of “Plenary Sessions”, beginning with the opening ceremony on Monday morning.

The community days include stuff like policy working group meetings, but they also include the top-level interactions between each constituency group, including the Governmental Advisory Committee, and the ICANN board of directors.

These traditional airing of grievances, usually on “constituency day” Tuesday, are where the tensions and hot topics of interest for the whole community are raised, and always worth listening to.

The decision to shake up the schedule appears to have been made some time in September. Last time I checked ICANN’s meetings page, September 2, it still showed the old October 17 start date.

What I find utterly baffling is that ICANN does not seem have made a formal public announcement of the date change, despite having blogged or made announcements about various aspects of the meeting several times.

I genuinely only found out today, reading this blog post that ICANN put out today, just one day before the meeting starts.

It certainly seems that the information has filtered out to the parts of the community that actually need to participate in the various sessions.

But what about the rest of us? Unless you’ve registered and logged in to the ICANN 69 web site since the changes were made, I’m not sure how you were meant to know.

Did you know?

I had plans to get my toenails done tomorrow.

.jobs plans to raise millions from premium names after dumping its sponsor

Kevin Murphy, October 6, 2020, Domain Registries

Third time lucky for .jobs?

Having had its first two business models fail, Employ Media has appealed to ICANN to scrap the cumbersome restrictions that have dogged .jobs for 15 years and allow it to raise potentially millions by auctioning off premium domains.

.jobs is one of a handful of “sponsored” gTLDs applied for in the 2003 round, but now it wants to dump its sponsor and substantially liberalize its eligibility policies.

.jobs has been sponsored by the Society for Human Resource Management since its approval by ICANN back in 2005, but Employ Media wants a divorce.

It’s also asking ICANN to promise not to fire barrages of lawyers at it if (or, more likely, when) it attempts to auction off tens of thousands of premium .jobs domains, some of which are currently carrying six-figure asking prices.

The gTLD was one of a handful approved in the 2003 “Sponsored TLD” round, an experimental early effort to introduce top-level competition, which also produced TLDs including .xxx, .asia, .cat and .mobi.

.jobs was originally restricted in two primary ways: only card-carrying HR professionals could register names, and they could only register the name of the company they worked for.

As you might imagine, the domains didn’t exactly fly off the shelves. By January 2010 fewer than 8,000 names had been registered, while the likes of .mobi — also “sponsored”, but far less restricted — were approaching one million.

So Employ Media took a gamble, creating what it called Universe.jobs. It registered about 40,000 domains representing professions like nursing.jobs and geographic terms like newyork.jobs, and populated the sites with job listings provided in partnership with the non-profit DirectEmployers Association.

As I reported extensively in DI’s early days, ICANN saw this as a breach of its Registry Agreement and threatened to terminate the contract. But Employ Media fought back, and ICANN eventually retreated, allowing Universe.jobs to go ahead.

I’ve thought so little about .jobs in the last eight years that I didn’t notice that Universe.jobs had also crumbled until today.

It seems DirectEmployees terminated the deal in 2018 after the registry refused to give it a bigger slice of revenue, then launched a competing for-profit service called Recruit Rooster, stranding Employ Media without a key revenue stream.

The registry sued (pdf) last year, accusing DirectEmployers of stealing its clients in violation of their agreement. While DirectEmployers denied the claims (pdf), the lawsuit was nevertheless settled last November, according to court documents.

That didn’t solve the problem of Employ Media not having a strong business model any more, of course.

So the company wrote to ICANN back in April to ask for changes to its Registry Agreement, enabling it to split from SHRM after 15 years of nominal oversight and create its own “independent” HR Council to oversee .jobs policy.

The Council would be made up of HR professionals not employed by Employ Media and would make seemingly non-binding “recommendations” about registry policy.

The proposed changes also reduce registrant eligibility to what looks like a box-checking exercise, as well as permitting Employ Media to sell off “noncompanyname” domains at auction or for premium fees.

Under the current contract, you can only register a .jobs domain if you’re a salaried HR professional and are certified by the Human Resource Certification Institute.

If the proposed changes are approved by ICANN, which seems very likely given ICANN’s history of pushing through contract amendments, the new rule will be:

Persons engaged in human resource management practices that are supportive of a code of ethics that fosters an environment of trust, ethical behavior, integrity, and excellence (as exemplified in the current Society for Human Resource Management (“SHRM”) Code of Ethical and Professional Standards in Human Resource Management or other similar codes) each, a “Qualified Applicant” may request registration of second-level domains within the TLD.

Sounds rather like something that could easily be buried in the Ts&Cs or dealt with with a simple check-box at the checkout.

The proposed new contract further guts the restricted nature of the TLD and removes the ability of the new sponsor (essentially the registry itself) to increase eligibility requirements in future.

Another amendment not flagged up prominently by ICANN on its public comment page specifically permits the registry to launch a “Phased Allocation Program” for generic second-level names, what it calls “noncompanyname” domains:

Registry Operator may elect to allocate the domain names via the following processes: 1) Request for Proposals (RFP) to invite interested parties to propose specific plans for registration, use and promotion of domains that are not their company name; 2) By auction that offers domains not allocated through the RFP process; and 3) A first-come, first-served real-time release of any domains not registered through the RFP or auction processes. Registry Operator reserves the right to not allocate any of such names. The domain names included within the scope of the Phased Allocation Program shall be limited to noncompanyname.TLD domain names, not including all reserved names as identified in Specification 5 of this Agreement.

Basically, Employ Media plans to sell off the tens of thousands of Universe.jobs domains it still has registered to itself, potentially raising millions in the process. One and two-character domains will also be released, subject to ICANN rules.

Many of these domains, even universe.jobs itself, seem to have make-an-offer landing pages already, with suggested prices such as $500,000 for hotel.jobs and $750,000 for us.jobs.

Bizarrely, these landers have a logo branding .jobs as “a legacy TLD”, a slogan I imagine is meaningless to almost anyone outside the domain industry and not particularly evocative or sexy.

The sum of all this is that .jobs is arguably on the verge of becoming a sponsored TLD in name only, with the potential for a big windfall for the registry.

Oh, and it’s all up for public comment before ICANN gives final approval to the contract changes. Comments close November 16.

Will anyone begrudge the company a chance at success, after 15 years of being handcuffed by its own policies?

I can imagine Donuts may have a view, operating as it does the competing .careers, which currently has fewer than 8,000 regs and is almost certainly the weaker string.

Peaceful transfer of power? GNSO’s next chair is a shoo-in

Kevin Murphy, October 5, 2020, Domain Policy

Unlike other upcoming democratic processes we could mention, it looks like the transition to a new chair of ICANN’s GNSO Council will be peaceful, non-controversial, and probably won’t result in widespread looting and arson.

Philippe Fouquart is the sole candidate, and he’ll be voted in with an open ballot at the ICANN AGM later this month.

As a senior techie for telecoms company Orange, he’s sat on the Council as a representative of the Internet Service Providers Constituency for the last three years. He hails from France.

Fouquart was nominated by the Non-Contracted Parties House. The Contracted Parties House, representing registries and registrars, did not field a candidate.

Unlike normal procedure, which calls for a secret paper ballot, the Council will vote via a simple, public roll-call at the AGM.

He’ll replace Verisign VP Keith Drazek, who’s chaired the Council for the last two years.

In terms of vice-chairs, the CPH has reappointed Pam Little of Chinese registrar Alibaba for another year and the NCPH has selected cybersecurity policy expert Tatiana Tropina to replace Rafik Dammak.

Two American women appointed to ICANN board

Kevin Murphy, October 5, 2020, Domain Policy

In a move that will surprise nobody, ICANN’s Nominating Committee has maintained the status quo on the ICANN board of directors by reappointing two of its previous selections.

NomCom’s two picks are Sarah Deutsch and Avri Doria, both of whom were selected in 2017 and have their first three-year term expiring later this month.

Deutsch is an intellectual property lawyer in private practice. She spent most of her career lawyering for Verizon. She’s also a director of the Electronic Frontier Foundation.

Doria is a consultant who has spent most of her time at ICANN on the non-commercial side of the house.

Both appointees are classified as North American under ICANN’s geographical diversity quotas.

As I’ve previously reported, the reappointments were very likely. Not only are both directors hugely experienced community members, but ICANN had given NomCom strong hints that it wants to increase gender diversity on the board.

That won’t actually happen this year. The other directors whose terms are up this month are all male, and they’ve all either been reappointed or replaced with other men by their respective constituency groups.

Currently, just five of the 16 voting directors are female. Including the four non-voting members, that number rises to seven. With the new NomCom appointees, those numbers will remain the same for at least a year.

UPDATE October 5, 2020: Deutsch tells me she has not been with the Winterfeldt IP Group for two years. Her official bio on ICANN’s web site says she is with that company, but apparently those bios are no longer reliable. She’s now working for herself. My apologies for the error.

Europe’s top dogs could decide the future of Whois

Kevin Murphy, October 5, 2020, Domain Policy

ICANN is pleading with the European Commission for legal clarity to help solve the two-year-old fight over the future of Whois in the age of GDPR.

CEO Göran Marby has written to three commissioners to ask for a definitive opinion on whether a centralized, mostly automated Whois system would free up registries and registrars from legal liability if their customers’ data is inappropriately disclosed.

It’s a question ICANN has been asking for years, but this time it comes after the ICANN community has come up with a set of policy recommendations that would create something called SSAD, for System for Standardized Access/Disclosure.

SSAD is supported by registries, registrars and non-commercial interests, but has been broadly criticized by governments, intellectual property interests, security experts and others as being not fit for purpose.

While it would create a centralized gateway for funneling Whois queries to contracted parties, and an accreditation system for those making the queries, the decision to accept or refuse the query would still lie with registries and registrars and be largely human-powered.

It’s been described as a glorified, $9 million-a-year ticketing system that will fail to provide better access to Whois to those who say they need it (largely the IP interests).

But registries and registrars say they cannot accept a solution that offloads decision-making to a centralized third party such as ICANN, unless that third party shoulders all the legal liability for mistakes, and whether that’s possible is far from clear this early in the life of GDPR.

As Marby told the commissioners:

Legal clarity could mean the difference between ICANN having a fragmented system that routes most requests for access to non-public registration data from requestors to thousands of individual registries and registrars for a decision, on the one hand, versus ultimately being able to implement a centralized, predictable solution in which decisions about whether or not to disclose non-public registration data in most or all cases could be made consistently, predictably, in a manner that is transparent and accountable to requestors and data subjects alike.

In GDPR lingo, the question is who becomes the “controller” of the data in a centralized system. The controller is the one that could get slapped with huge fines in the event of a privacy breach.

There’s a concept of “successive controllers”, where data is passed through a chain of handlers. ICANN wants clarity on whether, should a registrar send data to an ICANN central gateway, its liability ends there, before the final disclosure decision is made.

It’s asking the European Commission to exercise its authority under the GDPR to force the European Data Protection Board to issue a blanket opinion clarifying these issues, with the expectation that SSAD as currently envisaged could evolve over time to be something more like what the IP folk want.

For ICANN, such a ruling could help quell criticism from its influential advisory bodies, notably the Governmental Advisory Committee, which have come out strongly against the SSAD proposals.

If ICANN chooses to wait for the European Commission and EDPB responses to its new request, it’s highly unlikely we’re going to see the ICANN board fully approve SSAD at its annual general meeting later this month.