What’s beyond WHOIS compliance to GDPR?

What’s beyond WHOIS compliance to GDPR?

ICANN62 was announced as a meeting focused on WHOIS compliance to GDPR. Policies were to be discussed and what was until months ago a pending (or well procrastinated) issue is now a high-interest topic. It represents a test to ICANN’s efficacy and efficiency, which can only be achieved if cross-wise by multistakeholderism. The sessions at ICANN62 seemed then the first of a twelve-months energy-intensive test to the limits of ICANN’s model. However, not all sessions focused on GDPR-related issues.

Sessions I was expecting to attend

I arrived in Panama with the personal goal to understand more deeply the Geonames discussion, to attend the CCWG-Accountability WS2 Final Report presentation and to discover other ongoing PDPs. That insight would help me decide my next volunteering opportunities within NCUC – the first of which would be helping with the public comment on the Open Data Initiative.

Geonames

The Work Track 5 which is developing the policy for any future gTLDs held two cross-community sessions. The goal was to get input from across the community and hear new perspectives. The first session had an open and break-out group format and it focused on the treatment of non-capital city names. In order to collect input, the audience was split up into groups that discussed three main questions.

1. Should there be some form of universal protections for non-capital city names? As with the other subgroups, opinions were diverse. Some argued there should be protections because governments need to protect cities and the communities they represent, others highlighted that such a protection should be based on a UN list and respectful of local and national laws. Those against universal protection for non-capital city names stressed that it overextends rights, for not only are they not protected by international law, have multiple meanings or many of its names have generic use, but also such rules go against freedom of speech for all applicants.

2. Non-capital city names that are not unique (eg. Venice, Springfield). There were some arguments in favor of focusing on the actual city to be related to the string (and not find every location that shares the same name) or of respecting a list organized by the UN on all major cities with over 100.000 inhabitants. Once again, some people underlined the importance of guaranteeing freedom of expression, although this was not mentioned during the wrap-up shared with the broader audience.

3. Should the usage of the proposed string still matter and should it still serve as the determining factor for needing approval? There were many different perspectives here, even on whether to have an authoritative list that applicants might use to see if something is geographic or not, and whether there are right to these names. At this group people also manifested that non-capital cities should have no special treatment, as should protection to freedom of expression be prioritized in this process.

During the second session of the WT5, the Board recognized that there is a need to find a middle ground between applying no restrictions at all and a “must get approval from all relevant public authorities for all non-capital cities” position. Although such a middle ground needed more active and grassroots discussions, such as the first session, this one was more traditional with the Board receiving some comments from the audience regarding the general and guiding principles, that were suggested already by the Board: 1. The program should allow for the introduction of new gTLDs as preliminarily agreed to by the full WG; 2. Try and enhance the predictability for all parties; 3. Try and reduce the likelihood of conflicts within the process, as well as after the process concludes and TLDs are delegated.

CCWG-Accountability WS2 Final Report

Tagged as a keystone of the IANA transition and an effort towards transparency and accountability of all the new structures at ICANN, the work of this CCWG was concluded on Sunday 24th. Unlike WS1, it is not CCWG’s mandate to also ensure implementation. However, it was decided to create an implementation oversight team -composed of rapporteurs of the sub-teams and the co-chairs- that would advice ICANN org and staff if questions arise. This was a step towards ensuring that implementation aligns to the original recommendations. At the same time the final report has been published and approved, ICANN is undergoing its public comment period on the Open Data Initiative. Not only is the prioritization of datasets that can measure and foster accountability an opportunity to enable a context for the implementation of the recommendations of the CCWG-Accountability WS2, but also an opportunity towards providing input for the development of a well-informed community, which reuses the available data in order to improve its skills and capacity to decide. This opportunity is essential so that more diverse and plural members get access to more formal spaces, boost innovations and identify problems, concerns or topics that need to be discussed and would otherwise be unrecognizable or less recognizable.

The sessions that the whole community was expecting to attend

Although some milestones have reached their timeline with a true bottom-up process, there are persisting and new concerns about how the multistakeholder model works in the direction of enhancement of transparency, openness and accountability at ICANN and, thus, its legitimacy, especially in a context where there is an increasing interest of governments in legislation that affects the overall internet ecosystem, defying and testing ICANN mechanisms to comply both with that legislation, human rights and the different interests at stake.

At this point, besides WHOIS compliance to GDPR being a trending topic at ICANN62 for a good (and pragmatic?) reason, it showcases a need for NCUC members to audit and participate in the process and results of the current EPDP, that seeks to develop a replacement for the Temporary Specification for gTLD Registration Data designed to achieve WHOIS compliance with the GDPR. So now the EPDP is in the mission of opting for the easy way of going ahead with the policy development process confirmation or a more muddy yet desired process of replacing the model with a better compliant alternative. The non-commercial users were the ones to express doubts and concerns, some of which were:

  • The lack of legal clarity on the appropriate way forward
  • It requires a demanding time commitment for members of the team
  • How to balance the different interests at stake?
  • The EPDP skips stages that PDP have and are used to ensure a bottom-up policy and to legitimize policies
  • There are risks that the EPDP does not arrive at a consensus and/or a well-thought final report taking into account the strict time frame. What would that scenario look like?

It is our mission then to identify and evaluate the EPDP impact on human rights and the multistakeholder model within ICANN. And while the process is on, it is our mission not to keep our eyes from the discussions, as catching-up is a risk rather than an option.

I would like to thank NCUC for giving me the opportunity to attend ICANN62 meeting as an NCUC Mentee. It is indeed a great opportunity for deeper engagement with the constituency!  

 

Leave a Reply