Difference between revisions of "Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data"
Line 354: | Line 354: | ||
=== EPDP Phase 2 === | === EPDP Phase 2 === | ||
====Deliberations and Initial Report==== | ====Deliberations and Initial Report==== | ||
− | In Phase 2, the EPDP team was tasked with addressing open issues left unresolved from Phase 1, addressing issues listed in the Annex to the Temporary Specification,<ref>[https://www.icann.org/resources/pages/gtld-registration-data-specs-en/#annex ICANN.org - Temporary Specification for gTLD Registration Data: Annex-Important Issues for Further Community Action]</ref> and developing a standardized access system for nonpublic registration data.<ref name="finalrep">[https://gnso.icann.org/en/correspondence/epdp-phase-2-temp-spec-gtld-registration-data-2-31jul20-en.pdf GNSO Archive - EPDP Temp Spec Phase 2 Final Report], July 31, 2020</ref> The team's Initial Report was published for public comment in February 2020<ref>[https://gnso.icann.org/en/issues/epdp-phase-2-initial-07feb20-en.pdf GNSO Archive - EPDP Temp Spec Phase 2 Initial Report], February 7, 2020 (PDF)</ref> | + | In Phase 2, the EPDP team was tasked with addressing open issues left unresolved from Phase 1, addressing issues listed in the Annex to the Temporary Specification,<ref>[https://www.icann.org/resources/pages/gtld-registration-data-specs-en/#annex ICANN.org - Temporary Specification for gTLD Registration Data: Annex-Important Issues for Further Community Action]</ref> and developing a standardized access system for nonpublic registration data.<ref name="finalrep">[https://gnso.icann.org/en/correspondence/epdp-phase-2-temp-spec-gtld-registration-data-2-31jul20-en.pdf GNSO Archive - EPDP Temp Spec Phase 2 Final Report], July 31, 2020</ref> The team's Initial Report was published for public comment in February 2020<ref name="2initrep">[https://gnso.icann.org/en/issues/epdp-phase-2-initial-07feb20-en.pdf GNSO Archive - EPDP Temp Spec Phase 2 Initial Report], February 7, 2020 (PDF)</ref> The report outlined a proposed model for SSAD, where requests were sent to a centralized clearinghouse, and then action up on responses to were taken up by each contracted party, as applicable. 
The model was based on the following broad principles: |
+ | * Ideally, receipt, authentication, and transmission of SSAD requests should be automated wherever feasible. Disclosure decisions may be automated to the extent feasible, but should be standardized as much as possible across decisions. | ||
+ | * SSAD should be subject to continuous improvement, via a method of review and improvement that operates within the policies outlined by the EPDP, ICANN Bylaws, GNSO procedures & guidelines, and data protection legislation and regulation. | ||
+ | * Contracted parties should be subject to service-level agreements (SLAs) regarding response time for SSAD requests, based on priority. | ||
+ | * Responses to requests should be transmitted directly from the contracted party to the requestor, but there must be some sort of logging or tracking mechanism so that the SSAD "clearinghouse" is able to monitor and record decisions, compliance with SLAs, and perform other oversight of request processing.<ref name="2initrep" /> | ||
+ | |||
+ | The Initial Report contained 19 recommendations regarding the proposed model:<ref name="2initrep" /> | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Recommendation(s) | ||
+ | ! Subject | ||
+ | ! Notes | ||
+ | |- | ||
+ | | 1-2 | ||
+ | | Accreditation | ||
+ | | Accreditation requirements for entities (1) and government agencies (2) | ||
+ | |- | ||
+ | | 3-5 | ||
+ | | Requests | ||
+ | | Processing of requests, form & content of request, and receipt acknowledgement | ||
+ | |- | ||
+ | | 6-8 | ||
+ | | Responses | ||
+ | | Authorization of requests, including automated requests, and form and content of responses from contracted parties | ||
+ | |- | ||
+ | | 9 | ||
+ | | SLAs | ||
+ | | Priority levels and required response times | ||
+ | |- | ||
+ | | 10, 12, 13, 14 | ||
+ | | Terms of Use | ||
+ | | Acceptable use policy recommendations (10), terms of use and privacy policy (13), and monitoring & enforcement of policies (12); requestors must agree to store & maintain disclosed data in a secure manner, and dispose of data once its purpose has been fulfilled (14) | ||
+ | |- | ||
+ | | 11 | ||
+ | | Disclosure | ||
+ | | Rules and requirements regarding disclosure of information in response to an SSAD request | ||
+ | |- | ||
+ | | 15 | ||
+ | | Financial Sustainability | ||
+ | | Distinguishing SSAD start-up costs from operating costs; possible cost-recovery measures to maintain financial viability | ||
+ | |- | ||
+ | | 16-17 | ||
+ | | Automation | ||
+ | | SSAD should be automated to the greatest extent possible (16); logging (17) should include a variety of metrics and transactional milestones for requests, responses, and enforcement actions;<br /> | ||
+ | |- | ||
+ | | 18 | ||
+ | | Audit | ||
+ | | Audit procedures for the accrediting authority, contracted parties, and accredited parties | ||
+ | |- | ||
+ | | 19 | ||
+ | | Evolution | ||
+ | | Mechanism for review, improvement, and evolution of SSAD to increase effectiveness and streamline operations<br /> | ||
+ | |} | ||
====Final Report==== | ====Final Report==== |
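Review bot: the sentence added at the end of the Phase 2 paragraph contains "and then action up on responses to were taken up by each contracted party", which does not parse; reword it so it says plainly who acts on a request after it reaches the clearinghouse. The same line drops the full stop between the `<ref name="2initrep">` citation and "The report outlined", and it uses "SSAD" without expanding it, although the only expansion on the page is later, in the Final Report section. In the table, the notes cells for recommendations 16-17 and 19 end in a stray `<br />`, and the 16-17 cell also ends in a dangling semicolon; both should be removed.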
Revision as of 19:51, 14 December 2021
Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data | |
---|---|
Status: | Active |
Issue Areas: | Domain Name Registrant Data |
Date Established: | 2018/07/19 |
Charter: | WG Charter |
Workspace: | Community Wiki |
The Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data (EPDP) was initiated by the GNSO Council on 19 July 2018 to determine if the Temporary Specification for gTLD Registration Data should become ICANN consensus policy, with or without modifications, while ensuring compliance with the European Union's General Data Protection Regulation (GDPR) and other relevant privacy and data protection laws.
Background on the development of the EPDP option
History
On January 8, 2012, GNSO Policy staffers released a discussion paper[1] about the many questions that had arisen from the implementation of the New gTLD Program, especially concerning when policy vs. implementation work was needed. The GNSO Policy & Implementation Working Group was formed in July 2013.[2] On June 24, 2015, the GNSO Council unanimously adopted the WG's recommendations, which included three new GNSO processes. The GNSO Guidance Process (GGP) and the GNSO Expedited Policy Development Process required changes to the ICANN Bylaws. The EPDP procedures, outlined in Annex A-1 of the ICANN Bylaws, went into effect on September 28, 2015.
Criteria
The GNSO Council may invoke the EPDP (1) to address a narrowly defined policy issue that has already been identified and scoped, following the adoption and/or implementation of a GNSO policy recommendation by the Board; or (2) to create new or additional recommendations for an issue on which extensive, pertinent background information already exists; for instance, the issue may have been discussed in an Issue Report for a PDP that was not initiated or completed or was part of a GGP.[3]
Temporary Specification Context
History
On 17 May 2018, the ICANN Board adopted the Temporary Specification as an interim model for WHOIS compliance. This temporary specification was designed to allow registries and registrars to be compliant with the GDPR without being in breach of their contract with ICANN. The procedure for Temporary Policies requires the consensus policy development process to be completed within a year of the Temporary Specification effective date of 25 May 2018.
On 19 July 2018, the GNSO Council initiated and chartered a two-phase EPDP on the Temporary Specification for gTLD Registration Data Team. During Phase 1, the EPDP Team determined whether the Temporary Specification should become an ICANN Consensus Policy as is, or with modifications.
On 20 February 2019, the EPDP Phase 1 Team submitted its Final Report.
On 4 March 2019, the GNSO Council adopted all 29 recommendations.
On 15 May 2019, the ICANN Board adopted 27 of the recommendations.[4]
On 17 May 2019, the Implementation Team published the Interim Registration Data Policy for gTLDs,[5] effective as of 20 May 2019, requiring contracted parties to continue implementing the Temporary Specification pending the ultimate Registration Data Policy.
On 29 May 2019, ICANN Org and the implementation review team (IRT) began implementing the Registration Data Policy.
On 02 October 2019, the GNSO Council liaison informed the GNSO Council that the recommended 29 February 2020 effective date was not feasible.
On 1 November 2019, the implementation team delivered a report on Recommendation 15.1[6] to the GNSO about how ICANN retains data.
On 6 December 2019, the implementation team delivered a report on Recommendation 15.4[7] to the EPDP Phase 2 Team about the ICANN process for handling registrar data retention waivers.
On 18 February 2020, the implementation team delivered the "Recommendation 27 Wave 1" Report[8] to the GNSO about the potential Registration Data Policy's impacts on existing consensus policies.
On 8 July 2020, the implementation team delivered a report on Recommendation 17.2 to the EPDP Phase 2 Team about differentiating between Legal and Natural Persons in Domain Name Registration and Data Directory Services.
In August 2020, the EPDP team completed Phase 2 and published the final report.
On 24 September 2020, the GNSO Council approved the Phase 2 Priority 2 recommendations.
On 23 February 2021, the implementation team delivered the Recommendation 27 Wave 1.5 Report to the GNSO on Registration Data Policy Impacts on Privacy and Proxy Services Accreditation Issues (PPSAI) and Translation and Transliteration of Contact Information (T/T).
On 21 June 2021, the Board adopted Recommendations 19-22 about city field redaction, display of privacy/proxy registrations’ contact data, the purpose of data processing as it relates to the security, stability, and resiliency of the DNS, and registration data retention time periods.
Mission and Scope
The EPDP Team's objective is to determine if the Temporary Specification should become an ICANN Consensus Policy, as is or with modifications, while complying with the GDPR and other relevant privacy and data protection law. At a minimum, the EPDP is expected to consider the questions laid out in the charter.
The charter questions break down into two sections:
- Questions on the "Terms of the Temporary Specification"
- Questions on a "System for Standardized Access to Non-Public Registration Data"
EPDP Team
Structure
The EPDP Team is made up of participants filling different roles, including:
- Team Members
  - GNSO Members are appointed by Stakeholder Groups (SGs)
    - Contracted Party House (6 Members, 6 Alternates)
      - Registries Stakeholder Group (3 Members, 3 Alternates)
      - Registrars Stakeholder Group (3 Members, 3 Alternates)
    - Non-Contracted Party House (12 Members, 6 Alternates)
      - Commercial Stakeholder Group (6 Members, 3 Alternates)
      - Non-Commercial Stakeholder Group (6 Members, 3 Alternates)
  - ALAC (2 Members, 2 Alternates)
  - SSAC (2 Members, 2 Alternates)
  - GAC (3 Members, 3 Alternates)
  - RSSAC (2 Members, 2 Alternates) (Not Filled)
  - ccNSO (2 Members, 2 Alternates) (Not Filled)
- Liaisons
- Team Alternates
- Observers
On 18 April 2019, the GNSO Council approved the appointment of Janis Karklins, Latvian Ambassador to the United Nations at Geneva, as the chair for the EPDP Team Phase 2.[9]
Members
# | Members/Liaisons | Affiliation | SOI |
---|---|---|---|
1 | Alan Woods | RySG | SOI |
2 | Kristina Rosette | RySG | SOI |
3 | Marc Anderson | RySG | SOI |
4 | James Bladel | RrSG | SOI |
5 | Matt Serlin | RrSG | SOI |
6 | Emily Taylor | RrSG | SOI |
7 | Alex Deacon | IPC | SOI |
8 | Diane Plaut | IPC | SOI |
9 | Margie Milam | BC | SOI |
10 | Mark Svancarek | BC | SOI |
11 | Esteban Lescano | ISPCP | SOI |
12 | Thomas Rickert | ISPCP | SOI |
13 | Stephanie Perrin | NCSG | SOI |
14 | Ayden Ferdeline | NCSG | SOI |
15 | Milton Mueller | NCSG | SOI |
16 | Julf Helsingius | NCSG | SOI |
17 | Amr Elsadr | NCSG | SOI |
18 | Farzaneh Badiei | NCSG | SOI |
19 | Georgios Tselentis | GAC | SOI |
20 | Kavouss Arasteh | GAC | SOI |
21 | Ashley Heineman | GAC | SOI |
22 | Alan Greenberg | ALAC | SOI |
23 | Hadia Elminiawi | ALAC | SOI |
24 | Benedict Addis | SSAC | SOI |
25 | Ben Butler | SSAC | SOI |
26 | Chris Disspain | ICANN Board Liaison | SOI |
27 | Leon Felipe Sanchez | ICANN Board Liaison | SOI |
28 | Rafik Dammak | GNSO Council Liaison | SOI |
29 | Trang Nguyen | ICANN Org Liaison (GDD) | SOI |
30 | Dan Halloran | ICANN Org Liaison (Legal) | n/a |
31 | Kurt Pritz | EPDP Team Chair | SOI |
Alternates
# | Alternates | Affiliation | SOI |
---|---|---|---|
1 | Matthew Crossman | RySG | n/a |
2 | Arnaud Wittersheim | RySG | SOI |
3 | Sebastien Ducos | RySG | SOI |
4 | Jeff Yeh | RrSG | SOI |
5 | Volker Greimann | RrSG | SOI |
6 | Lindsay Hamilton-Reid | RrSG | SOI |
7 | Sarah Wyld | RrSG | SOI |
8 | Theo Geurts | RrSG | SOI |
9 | Brian King | IPC | SOI |
10 | Steve DelBianco | BC | SOI |
11 | Suman Lal Pradhan | ISPCP | SOI |
12 | Tatiana Tropina | NCSG | SOI |
13 | David Cake | NCSG | SOI |
14 | Collin Kurre | NCSG | SOI |
15 | Chris Lewis-Evans | GAC | SOI |
16 | Rahul Gosain | GAC | SOI |
17 | Laureen Kapin | GAC | SOI |
18 | Holly Raiche | ALAC | SOI |
19 | Seun Ojedeji | ALAC | SOI |
20 | Greg Aaron | SSAC | SOI |
21 | Rod Rasmussen | SSAC | SOI |
Phases
EPDP Phase 1 Final Report
The Final Report of the Temporary Specification for gTLD Registration Data (EPDP) was published on 20 February 2019. The representatives from the Intellectual Property Constituency (IPC) and Business Constituency (BC) voted against the Final Report, but since all other GNSO Councillors were in favour, the Final Report was approved.[10] The report was then passed to the ICANN Board for adoption.
The report contains an analysis of affected parties, anticipated time to implement recommendations, and other pertinent information that will assist the Board's deliberations on the EPDP Phase 1 policy recommendations[11]. The recommendations from this report must be adopted by concerned parties on or before 29 February 2020.
EPDP Phase 2
Deliberations and Initial Report
In Phase 2, the EPDP team was tasked with addressing open issues left unresolved from Phase 1, addressing issues listed in the Annex to the Temporary Specification,[12] and developing a standardized access system for nonpublic registration data.[13] The team's Initial Report was published for public comment in February 2020.[14] The report outlined a proposed model for a System for Standardized Access/Disclosure (SSAD), in which requests were sent to a centralized clearinghouse and responses were then handled by each contracted party, as applicable. The model was based on the following broad principles:
- Ideally, receipt, authentication, and transmission of SSAD requests should be automated wherever feasible. Disclosure decisions may be automated to the extent feasible, but should be standardized as much as possible across decisions.
- SSAD should be subject to continuous improvement, via a method of review and improvement that operates within the policies outlined by the EPDP, ICANN Bylaws, GNSO procedures & guidelines, and data protection legislation and regulation.
- Contracted parties should be subject to service-level agreements (SLAs) regarding response time for SSAD requests, based on priority.
- Responses to requests should be transmitted directly from the contracted party to the requestor, but there must be some sort of logging or tracking mechanism so that the SSAD "clearinghouse" is able to monitor and record decisions, compliance with SLAs, and perform other oversight of request processing.[14]
The Initial Report contained 19 recommendations regarding the proposed model:[14]
Recommendation(s) | Subject | Notes |
---|---|---|
1-2 | Accreditation | Accreditation requirements for entities (1) and government agencies (2) |
3-5 | Requests | Processing of requests, form & content of request, and receipt acknowledgement |
6-8 | Responses | Authorization of requests, including automated requests, and form and content of responses from contracted parties |
9 | SLAs | Priority levels and required response times |
10, 12, 13, 14 | Terms of Use | Acceptable use policy recommendations (10), terms of use and privacy policy (13), and monitoring & enforcement of policies (12); requestors must agree to store & maintain disclosed data in a secure manner, and dispose of data once its purpose has been fulfilled (14) |
11 | Disclosure | Rules and requirements regarding disclosure of information in response to an SSAD request |
15 | Financial Sustainability | Distinguishing SSAD start-up costs from operating costs; possible cost-recovery measures to maintain financial viability |
16-17 | Automation | SSAD should be automated to the greatest extent possible (16); logging (17) should include a variety of metrics and transactional milestones for requests, responses, and enforcement actions |
18 | Audit | Audit procedures for the accrediting authority, contracted parties, and accredited parties |
19 | Evolution | Mechanism for review, improvement, and evolution of SSAD to increase effectiveness and streamline operations |
Final Report
The EPDP team submitted the Phase 2 Final Report to the GNSO Council on July 31, 2020, which the GNSO Council approved on September 24, 2020. The Final Report primarily set out recommendations for a System for Standardized Access/Disclosure (SSAD) to nonpublic gTLD registration data. The 18 SSAD-related policy recommendations addressed the following areas:
- Accreditation of SSAD requestors, including governmental entities
- Required criteria and content of SSAD requests
- Response requirements
- Required Service Level Agreements (SLAs)
- Automation of SSAD processing
- Terms and conditions of SSAD
- Logging, auditing, and reporting requirements
- Creation of a GNSO Standing Committee to evaluate SSAD operational issues and propose improvements to the GNSO Council.
The EPDP Team advised the GNSO Council to treat these recommendations as one package and pass them on as such to the ICANN Board.[15]
References
- [1] Policy vs. Implementation Framework
- [2] PI WG Recommendations
- [3] ICANN Bylaws Annex A1
- [4] ICANN Board Resolutions, ICANN Resources
- [5] Interim RDP for gTLDs, ICANN Resources
- [6] Rec 15.1 Report, EPDP on Temp Spec
- [7] 15.4 Report, EPDP on Temp Spec
- [8] Rec 27 Wave 1 Report, EPDP on Temp Spec
- [9] https://gnso.icann.org/en/announcements/announcement-2-22apr19-en.htm
- [10] https://www.comlaude.com/epdp-update/
- [11] https://gnso.icann.org/en/announcements/announcement-2-22apr19-en.htm
- [12] ICANN.org - Temporary Specification for gTLD Registration Data: Annex-Important Issues for Further Community Action
- [13] GNSO Archive - EPDP Temp Spec Phase 2 Final Report, July 31, 2020
- [14] GNSO Archive - EPDP Temp Spec Phase 2 Initial Report, February 7, 2020 (PDF)
- [15] GNSO ICANN69 Policy Briefing