Jump to content

Registration Data Accuracy Scoping Team

The Registration Data Accuracy Scoping Team (often shortened to the Accuracy Scoping Team or RDA Scoping Team) was a GNSO group tasked with examining how the accuracy of gTLD registration data is defined, enforced, and measured in the post-GDPR environment, and to advise the GNSO Council on possible next steps, including whether a Policy Development Process (PDP) or other mechanism was needed.[1]

The team conducted weekly meetings between October 2021 and 2022, producing a detailed report on enforcement and measurement of accuracy (Assignments #1 and #2). Its proposals were subsequently paused by the GNSO Council pending legal and contractual clarifications, and in August 2024 the Council decided not to proceed with the team’s main recommendations and not to restart the Scoping Team.[2] [3]

The Scoping Team's findings and documentation formed the background to subsequent GNSO Council work on registration data accuracy, including the establishment of the GNSO Council Registration Data Accuracy Small Team. [4] [5]

Background[edit | edit source]

Registration data accuracy has been a longstanding topic within ICANN, appearing in the original WHOIS Review, the RDS-WHOIS2 Review, and the SSR2 Review, as well as in ICANN Contractual Compliance activities and the WHOIS Accuracy Reporting System (ARS).

The entry into force of the EU General Data Protection Regulation (GDPR) and adoption of the Temporary Specification for gTLD Registration Data significantly reduced the amount of registration data published via WHOIS/RDDS. This complicated both community-led efforts and ICANN org programmes such as WHOIS ARS, which had relied on public data to sample and test accuracy. WHOIS ARS was placed on hold while ICANN org assessed the legalities of processing registration data under GDPR and similar laws.[6]

In November 2020 the GNSO Council requested an ICANN org briefing on existing registration data accuracy requirements and programmes, and on how GDPR had affected enforcement of those requirements. ICANN org delivered this briefing, titled “Registration Data Accuracy Requirements and the European General Data Protection Regulation (GDPR)”, on February 26, 2021. The briefing suggested that it might be beneficial to develop, together with the GNSO Council, a framework for measuring accuracy under the new legal and technical conditions.[7]

Membership[edit | edit source]

Membership of the Registration Data Accuracy Scoping Team was open to all GNSO Stakeholder Groups and Constituencies (SG/Cs), which were invited to appoint representatives and alternates. Other ICANN bodies, such as the GAC, the ALAC, and Security and the SSAC, were invited to nominate participants, and an ICANN Board liaison was assigned to follow the work.[1] [8]

The GAC, for example, nominated representatives from the European Commission and the United States to participate in the weekly deliberations starting in October 2021.[8] ICANN org staff from Policy and Contractual Compliance supported the team by providing briefings, legal analysis, and liaison with the ICANN Board.

The Scoping Team was chaired by Michael Palage (appointed from the ALAC).[6] A call for Expressions of Interest for the chair role was circulated to the Supporting Organizations and Advisory Committees in November 2021.[9]

Formation[edit | edit source]

Building on the February 2021 briefing and earlier Council discussions, the GNSO Council agreed to establish a dedicated scoping effort on registration data accuracy. On July 22, 2021 the Council adopted “Registration Data Accuracy Scoping Team – Formation and Instructions” as the basis for the group’s work.[1] [10]

The Formation and Instructions document described the Scoping Team as a pre-policy effort to:

  • facilitate community understanding of the accuracy issue in the post-GDPR environment,
  • assist in scoping and defining the issue,
  • help determine whether an Issue Report and PDP, or other mechanism, should be requested, and
  • consider whether a new or updated accuracy measurement programme (including ARS or a successor) could be effectively implemented.[1]

The first meeting of the Registration Data Accuracy Scoping Team took place on October 5, 2021, and the team met on a weekly basis thereafter.[8]

Mandate and Scope[edit | edit source]

The Formation and Instructions document organised the work into four main assignments:

  • Enforcement and reporting: assess how existing registration data accuracy requirements are currently implemented and enforced, including ICANN Contractual Compliance activities, complaint-handling mechanisms, and any evidence of systemic issues in accuracy.
  • Measurement of accuracy: examine how accuracy has been and could be measured, including a review of past efforts such as WHOIS ARS, and recommend how levels of accuracy might be determined and measured under current legal and technical constraints.
  • Effectiveness of accuracy requirements: consider the effectiveness of existing accuracy requirements in ICANN contracts and consensus policies, including whether these are fit for purpose in light of GDPR and other data protection laws.
  • Possible changes or further work: determine whether changes to existing requirements, new accuracy-related programmes, or initiation of a GNSO policy development process (or other mechanism) should be recommended.[1]

As an initial question, the Scoping Team was also asked to determine whether there was an agreed definition of “registration data accuracy”. Failing agreement, it was asked to consider working definitions to use in its deliberations.[1] In practice the team did not reach consensus on a single definition and instead referred to the description of validation and verification obligations in the 2013 Registrar Accreditation Agreement (RAA) Registration Data Directory Services (RDDS) Accuracy Programme Specification, using “operability” of contact data as a minimum baseline.[11]

Work and Deliberations[edit | edit source]

The Scoping Team’s work was heavily informed by materials developed by ICANN org, including:

  • the February 2021 briefing “Registration Data Accuracy Requirements and the European GDPR”,[7]
  • a January 2022 memorandum on the WHOIS Accuracy Reporting System (ARS), and
  • responses to follow-up questions from the Scoping Team, including information on Contractual Compliance practices and historical accuracy studies.

The team also reviewed findings from the WHOIS ARS reports, relevant sections of the RDS-WHOIS2 and SSR2 review reports, and existing ICANN Contractual Compliance statistics related to accuracy.[6]

Assignments #1 and #2[edit | edit source]

Most of the Scoping Team’s active work focused on Assignments #1 (enforcement and reporting) and #2 (measurement of accuracy). After a series of meetings through 2021–2022, the team submitted a consolidated “Deliberations and Findings for Assignments #1 and #2” report to the GNSO Council, dated September 2, 2022 and transmitted on September 5, 2022.

The report documented, among other points:

  • differing views on whether accuracy had improved or deteriorated after GDPR and redaction of public WHOIS data;
  • the impact of pausing WHOIS ARS and the limited availability of data for measuring accuracy;
  • the absence of a shared definition of “accuracy” beyond operability of contact data; and
  • the constraints imposed by existing contracts and data protection laws on large-scale access to registration data.

The report made three key recommendations to the GNSO Council:

  • Voluntary registrar survey (Recommendation #1): Request ICANN org to carry out a voluntary survey of registrars about their registration data validation and verification practices, including how they handle accuracy complaints and what additional measures (if any) they employ beyond contractual requirements.
  • Registrar audit (Recommendation #2): Collaborate with ICANN org on the design of a targeted Contractual Compliance audit assessing registrar compliance with existing validation and verification obligations under the RAA, potentially expanding on the use of data already collected in compliance audits.
  • Pause work requiring access to registration data (Recommendation #3): Pause the Scoping Team’s work on proposals that require access to registration data (including Recommendations #1 and #2) until key dependencies had been addressed, including:
    • completion of a Data Processing Agreement (DPA) between ICANN org and Contracted Parties,
    • outreach to the European Data Protection Board (EDPB), and
    • completion of Data Protection Impact Assessments (DPIAs) on proposed accuracy study scenarios.[6]

Assignments #3 and #4 (assessing the effectiveness of existing requirements and considering possible policy or programme changes) were not fully completed, with the Scoping Team viewing additional data from Recommendations #1 and #2 as necessary to inform any further work.[6]

Council Consideration and Suspension of Work[edit | edit source]

The GNSO Council considered the Scoping Team’s report and recommendations during its November 17, 2022 meeting. It adopted a motion which, among other points:[2]

  • accepted Recommendation #3 to pause work on proposals requiring access to registration data;
  • encouraged ICANN org to proceed “as a matter of urgency” with outreach to the EDPB and with DPIAs for candidate accuracy study scenarios; and
  • requested that ICANN org and the Contracted Parties finalize negotiations on the Data Processing Agreement (DPA) as soon as practicable, recognising that the absence of a completed DPA could act as a roadblock for additional policy work.

The Council deferred its decision on Recommendations #1 (registrar survey) and #2 (registrar audit) until the DPA negotiations were completed and ICANN org had reported back on whether, and how, it anticipated the requesting and processing of registration data could be undertaken to measure accuracy, or for six months, whichever was shorter.[2] [12]

In a December 1, 2022 letter to the GAC, ALAC, and SSAC, GNSO Council Chair Sebastien Ducos explained that, as a result of the motion, work on proposals requiring access to registration data was paused, and that the Scoping Team’s further engagement would depend on the outcome of ICANN org’s legal and contractual analyses and the completion of the DPA.[12]

ICANN org Assessment[edit | edit source]

Pursuant to the Council’s 2022 resolution and earlier Board requests, ICANN org developed and assessed four possible scenarios for obtaining data to inform discussions on registration data accuracy. These scenarios were shared with the Scoping Team in May 2022 and later described in detail in ICANN org’s “Assessment of Registration Data Accuracy Scenarios”, delivered to the GNSO Council on October 19, 2023.

The four scenarios were:

  1. analysis of publicly available registration data for syntactic and operational accuracy (similar to the approach used in WHOIS ARS);
  2. a proactive Contractual Compliance audit of registrar compliance with validation and verification obligations under the RAA;
  3. analysis of a representative sample of full (public and non-public) registration data voluntarily provided by registrars to ICANN; and
  4. a voluntary registrar survey on accuracy-related practices.

ICANN org’s assessment concluded, among other points:[11]

  • Scenario 1 (public data analysis) would not provide meaningful insight because much of the relevant data is no longer publicly available after GDPR and the Temporary Specification.
  • Scenario 2 (compliance audit) could be performed within existing contractual authority, and DPIA analysis indicated that a narrowly tailored audit could be carried out consistent with GDPR, but such an audit would primarily confirm compliance with existing obligations and would be resource-intensive (estimated cost of up to US$750,000 for a full-scale audit), without answering broader questions about identity-level accuracy.
  • Scenario 3 (analysis of full data samples) raised significant legal concerns, with ICANN org indicating that it might lack a sufficient legal basis under GDPR to collect and process a representative sample of full registration data solely for an accuracy study, absent additional policy or contractual changes.
  • Scenario 4 (voluntary registrar survey) could provide some insight into registrar practices but might yield statistically unrepresentative data if participation were limited, and would still face questions about the legal basis for processing certain data.

The report noted that none of the scenarios would confirm whether the registrant was who they claimed to be, which for some stakeholders formed part of their concept of “accuracy”. It proposed alternative steps, including leveraging historical and ongoing Contractual Compliance audit data and analyzing European ccTLD practices in the context of evolving legislative requirements such as the EU NIS2 Directive.[11]

Outcome and Developments[edit | edit source]

The GNSO Council discussed ICANN org’s Assessment of Registration Data Accuracy Scenarios at several meetings in late 2023 and 2024, deferring its consideration of the Scoping Team’s Recommendations #1 and #2 for additional six-month periods while key dependencies such as the DPA negotiations and related studies (including the Inferential Analysis of Maliciously Registered Domains (INFERMAL) Study) remained outstanding.[3] [8]

On August 8, 2024 the Council adopted a motion titled “Registration Data Accuracy Scoping Team Recommendations #1 and #2”, in which it:

  • decided not to proceed with the Scoping Team’s Recommendations #1 (registrar survey) and #2 (registrar audit), citing the limitations identified in ICANN org’s Assessment of Registration Data Accuracy Scenarios;
  • decided not to restart the Registration Data Accuracy Scoping Team at that time, due to limitations in processing data for the purpose of assessing accuracy; and
  • reaffirmed the importance of registration data accuracy to the ICANN community and committed to continue discussing how best to move forward on the topic.[3] [13]

By this point, the Registration Data Accuracy Scoping Team’s active work was effectively concluded.[3] Its documentation, including the Formation and Instructions, meeting materials, and the “Deliberations and Findings for Assignments #1 and #2” report, remained as background for later GNSO Council efforts on accuracy, including the GNSO Council Registration Data Accuracy Small Team.[5] [4]

Members[edit | edit source]

References[edit | edit source]

  1. 1.0 1.1 1.2 1.3 1.4 1.5 ICANN GNSO: Registration Data Accuracy Scoping Team – Formation and Instructions
  2. 2.0 2.1 2.2 ICANN Community: GNSO Council Motions – 17 November 2022
  3. 3.0 3.1 3.2 3.3 ICANN Community: GNSO Council Motions – 8 August 2024
  4. 4.0 4.1 ICANN Community: Registration Data Accuracy Small Team 2024–2025
  5. 5.0 5.1 ICANN Community: GNSO Liaison Report – Developments, Concluded or Suspended Issues/PDPs/ODPs
  6. 6.0 6.1 6.2 6.3 6.4 ICANN GNSO: Registration Data Scoping Team Deliberations & Findings for Assignments #1 and #2
  7. 7.0 7.1 ICANN: ICANN Org Briefing – Registration Data Accuracy Requirements and the European GDPR
  8. 8.0 8.1 8.2 8.3 ICANN GAC: WHOIS and Registration Data Issues
  9. Call for Expressions of Interest for Chair of the Registration Data Accuracy Scoping Team (4 November 2021)
  10. ICANN GAC: RDS/WHOIS and Data Protection Policy
  11. 11.0 11.1 11.2 ICANN GNSO: Assessment of Registration Data Accuracy Scenarios
  12. 12.0 12.1 ICANN GNSO: GNSO Registration Data Accuracy Scoping Team – Update
  13. ICANN GNSO: GNSO Council Motion Recorder – 8 August 2024
  14. ICANN Community: Accuracy Scoping Team Members & mailing list archives

Generic Names Supporting Organization. Develops and recommends to the Board substantive policies relating to generic top-level domains and other responsibilities set forth in the Bylaws (ICANN Bylaws).

Europe, according to the ICANN Geographic Regions (ICANN Geographic Regions).

Governmental Advisory Committee. Considers and provides advice on the activities of ICANN as they relate to concerns of governments, particularly matters where there may be an interaction between ICANN's policies and various laws and international agreements or where they may affect public policy issues (ICANN Bylaws).

At-Large Advisory Committee. Considers and provides advice on the activities of ICANN related to the interests of individual Internet users (ICANN Bylaws). Not to be confused with the Non-Commercial Stakeholder Group.

Security and Stability Advisory Committee. Advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems (ICANN Bylaws).

Country code top-level domain. Determined by "ISO 3166-1: Codes for the representation of names of countries and their subdivisions — Part 1: Country codes".

Business Constituency. The Commercial and Business Users Constituency (CBUC) represents commercial users under the auspices of ICANN. The Business Constituency is organized under the Commercial Stakeholder Group (BC Charter).

Intellectual Property Constituency. Represent(s) the views and interests of owners of intellectual property worldwide with particular emphasis on trademark, copyright, and related intellectual property rights and their effect and interaction with DNS (Bylaws of the Intellectual Property Interests Constituency).

ISPs and Connectivity Providers Constituency. Composed of Internet Service Providers and ISP Associations across the world, thereby ensuring that the Constituency represents a broad range of relevant and diverse ISP and Connectivity interests within the ICANN multistakeholder model (Amended ISPCP Constituency Charter).

Non-Commercial Stakeholder Group. Represents the full range of non-commercial entities of the Internet (ICANN Bylaws). Not to be confused with the At-Large Advisory Committee.

Retrieved from "https://icannwiki.org/index.php?title=Registration_Data_Accuracy_Scoping_Team&oldid=1398375"
Semantic properties for "Registration Data Accuracy Scoping Team"
RDF feed