Recent Posts
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
- Domain universe grows despite .com drag
European privacy watchdog says ICANN’s Whois demands are “unlawful”
European Union privacy officials have told ICANN that it risks forcing registrars to break the law by placing “excessive” demands on Whois accuracy.
In a letter to ICANN yesterday, the Article 29 Working Party said that two key areas in the proposed next version of the Registrar Accreditation Agreement are problematic.
It’s bothered by ICANN’s attempt to make registrars retain data about their customers for up to two years after registration, and by the idea that registrars should re-verify contact data every year.
These were among the requests made by law enforcement, backed up by the Governmental Advisory Committee, that ICANN has been trying to negotiate into the RAA for almost a year.
The letter (pdf) reads:
The Working Party finds the proposed new requirement to re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful. Because ICANN is not addressing the root of the problem, the proposed solution is a disproportionate infringement of the right to protection of personal data.
The “root cause” points to a much deeper concern the Working Party has.
Whois was designed to help people find technical and operational contacts for domain names, it argues. Just because it has other uses — such as tracking down bad guys — that doesn’t excuse infringing on privacy.
The problem of inaccurate contact details in the WHOIS database cannot be solved without addressing the root of the problem: the unlimited public accessibility of private contact details in the WHOIS database.
It’s good news for registrars that were worried about the cost implications of implementing a new, more stringent RAA.
But it’s possible that ICANN will impose the new requirements anyway, giving European registrars an opt-out in order to comply with local laws.
The letter is potentially embarrassing for the GAC, which seemed to take offense at the Prague meeting this June when it was suggested that law enforcement’s recommendations were not being balanced with the views of privacy watchdogs.
During a June 26 session between the GAC and the ICANN board, Australia’s GAC rep said:
I don’t come here as an advocate for law enforcement only. I come here with an Australian government position, and the Australian government has privacy laws. So you can be sure that from a GAC point of view or certainly from my point of view that in my positions, those two issues have been balanced.
That view was echoed during the same session by the European Commission and the US and came across generally like a common GAC position.
The Article 29 Working Party is an advisory body set up by the EU in 1995. It’s independent of the Commission, but it comprises one representative from the data privacy watchdogs in each EU state.
Pretty stupid argument by European Union, because in most , if not all European countries the publisher and owner of a running website must publish all information about them selfs on the “Impress” (Impressum) page by law. Full Name, adress, tel. Tax ID No. must be included, which pretty much kills privacy of online publishers in europe.
European Union lawmakers killed privacy and now they are the ones shouting?
Stupidity at its finest.
Such laws exist mainly in German speaking areas. There are no such laws in other counties, like the UK or Netherlands.
What I found most interesting was the threat that the individual data protection officials (who make up te Article 29 group) go after registrars that implement the data retention requirements for violations of the national data protection requirements, thereby stressing the fact that the implementation of these requirements would make the position of European registrars untenable.
Dear Kevin,
(For the record, I represented the European Commission in the meeting Governmental Advisory Committee referred to in the article).
I would be curious to know in which way the statement made by the European Commission during the June 26 GAC/Board session is “echoing” the statement made by Australia.
The transcript is available at http://prague44.icann.org/meetings/prague2012/transcript-gac-board-session-26jun12-en.pdf . The statement made by the European Commission is on pp. 8-9.
This is by no means a judgment on the statement of Australia or of any other GAC member; nor it is a judgment on the letter of the Article 29 Working Party which, as you point out, is an independent body.
I would also be very careful with sentences such as “[something] came across generally like a common GAC position”. GAC positions are expressed in GAC Communiqués and/or in letters or documents where it is clearly stated that a particular position is, indeed, a GAC position, as opposed to the position of any particular GAC member.
A clarification would be much appreciated.
Best regards,
Andrea Glorioso
European Commission
Andrea,
The European Commission “echo” I was referring to was:
“Concerning the specific point on privacy law, allow me to say I take exception with the notion that privacy law is muddying up the negotiation. Privacy law is an extremely important part of these negotiations, and just as Australia said, we do not — we, as public authorities, we do not take sides. That is not our job.”
That seems to me to be a restatement of Australia’s view that privacy requirements had already been “balanced” into the position.
If that’s a mischaracterization, I apologize.
With regards the GAC position, I’ll note that every GAC Communique since Singapore has mentioned the “Law Enforcement Recommendations” (that’s the GAC’s choice of words when referring to the RAA negotiations) and none of them until Prague have referred to privacy.
You have to go back to Brussels in June 2010 to find mention of “respect all requirements concerning the processing of personal data, such as privacy”.
It’s easy to come away with the impression that the GAC as a whole has been more aligned recently with the LEA view than with the privacy view.
Cheers,
Kevin
Dear Kevin,
I do not interpret what I said in the way you seem to interpret it, but no big harm done and no need to apologise. I just like to have the record straight.
For the record, the position of the European Commission is that we have been and are considering all the public policy / legal implications of the RAA, but that we are not part of the negotiations and hence we will not formally intervene in the negotiations themselves unless to reply to specific questions. This is, I believe, different from endorsing high-level principles which I tend to believe no-one disagrees with. As usual, the devil is in the details and the negotiating teams are trying to iron out thee details – if we can help, we will.
On the issue of wording: here again I think there is a differet mindset at work. From our perspective, once we say (as we did in Brussels) that there is a need to respect all legal requirements, including those of personal data protection / privacy, there does not seem to be the need to re-iterate the point unless the point seems to be unclear, as was the case in Prague. To be absolutely honest, I *personally* find it even unnecessary to state that all applicable law (which includes privacy, but also all legal obligations linked to criminal investigations) has to be respected.
Happy to discuss further whenever / however possible.
Best regards,
Andrea
The need to re-iterate the point arises from the absence, within the negotiation process, of anyone making the point at all. The registrars are deemed not to have standing to raise any legal requirements in counterpoise to the law enforcement demands. Thus having dismissed the registrars as incompetent in that regard, the absence of any specific concerns of the GAC generally, or GAC members specifically, beyond general platitudes is taken as consent of the GAC to whatever demands are made by law enforcement.
“But it’s possible that ICANN will impose the new requirements anyway, giving European registrars an opt-out in order to comply with local laws.”
This would certainly not be acceptable to non-EU registrars, many of whom currently offer privacy protection similar to the EU in order to compete for European customers.
Especially in view of efforts elsewhere within ICANN’s to restrain / restrict the use of Privacy & Proxy services.
ICANN must not create an uneven playing field, where Registrant Privacy is a market differentiation among Registrars.
ICANN said earlier this week:
“ICANN and the registrars have discussed various processes under which a registrar might seek a waiver of certain elements of the data retention requirements to the extent that they are in conflict with laws applicable to the registrar.”
@Kevin, What is your point? Is ICANN creating an uneven playing field, or no?
What Theo said.
Louise, the “waiver” was prolly intended for extreme special cases and used to remove at that point a “minor” obstacle regarding the 2012 RAA talks.
Now the “minor” obstacle turns to be an obstacle of 27 stories high with a huge neon sign blinking “obstacle” on top.
I expect the “waiver” not to turn up in any further communications from ICANN.