14,932
edits
Changes
Jump to navigation
Jump to search
Line 578:
Line 578: − + − + − + − + − + + + + + + + + + + + + + + +
Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data (view source)
Revision as of 17:19, 25 January 2023
, 1 year ago→Public Comments Summary Report
====Legal vs. Natural Persons====
====Legal vs. Natural Persons====
The [[GDPR]] only protects natural persons. In Phase 1 of the EPDP, the team determined that contracted parties should have the option to distinguish between registrants that are legal persons (i.e. organizations or corporate forms) and those that are natural persons. The Phase 2A team was tasked with reviewing those Phase 1 recommendations, and providing any additional guidance it deemed necessary.
The [[GDPR]] only protects natural persons. In Phase 1 of the EPDP, the team determined that contracted parties should have the option to distinguish between registrants that are legal persons (i.e. organizations or corporate forms) and those that are natural persons. The Phase 2A team was tasked with reviewing those Phase 1 recommendations and providing any additional guidance it deemed necessary.
The final report took no position on whether or not the recommendations in Phase 1 should be changed regarding the option for registrars and registries to draw distinctions between natural and legal persons. The working group did recommend that ICANN org work with technical policy groups to ensure that such distinctions could be made by contracted parties, and that systems such as [[SSAD]] would be compatible with contracted party systems.<ref name="2areport" /> The team also developed guidance for registrars and registries choosing to make the distinction between legal and natural persons.<ref name="2areport" />
The final report took no position on whether or not the recommendations in Phase 1 should be changed regarding the option for registrars and registries to draw distinctions between natural and legal persons. The working group did recommend that ICANN org work with technical policy groups to ensure that such distinctions could be made by contracted parties, and that systems such as [[SSAD]] would be compatible with contracted party systems.<ref name="2areport" /> The team also developed guidance for registrars and registries choosing to make the distinction between legal and natural persons.<ref name="2areport" />
====Unique Identifiers====
====Unique Identifiers====
The team was unable to reach consensus on the development of mandatory unique identifiers:
The team was unable to reach a consensus on the development of mandatory unique identifiers:
<blockquote>Certain stakeholders see risks and other concerns that prevent the EPDP Team from making a recommendation to require Contracted Parties to make a registrant-based or registration-based email address publicly available at this point in time. The EPDP Team does note that certain stakeholder groups have expressed the benefits of 1) a registration-based email contact for contactability purposes as concerns have been expressed with the usability of web forms and 2) a registrant-based email contact for registration correlation purposes.<ref name="2areport" /></blockquote>
<blockquote>Certain stakeholders see risks and other concerns that prevent the EPDP Team from making a recommendation to require Contracted Parties to make a registrant-based or registration-based email address publicly available at this point in time. The EPDP Team does note that certain stakeholder groups have expressed the benefits of 1) a registration-based email contact for contactability purposes as concerns have been expressed with the usability of web forms and 2) a registrant-based email contact for registration correlation purposes.<ref name="2areport" /></blockquote>
==Registration Data Consensus Policy for gTLDs==
The recommendations to be implemented by the Implementation Review Team ([[IRT]]) were shared with [[ICANN Organization]] to create an ICANN Consensus Policy that complies with the GDPR and other relevant privacy and data protection laws. In August 2022, a [[Public Comment]] proceeding was opened concerning the proposed Registration Data Consensus Policy for gTLDs. ICANN Org sought feedback on:<ref>[https://www.icann.org/en/public-comment/proceeding/registration-data-consensus-policy-for-gtlds-24-08-2022 Proposed Reg Data Consensus Policy, Public Comments, ICANN]</ref>
# the collection, transfer, and publication of gTLD registration data, especially as it relates to
#* the [[WHOIS#Thick WHOIS|Thick Whois]] Transition Policy (Section 7)
#* the prohibition of personal data in the log file requirements relating to communications sent to RDDS/[[WHOIS]] Contacts (Section 11)
#* Changes to processing requirements for administrative and technical contact data elements (Section 6)
#* Standardization of the Registrant Organization data element, especially notifications to the registrant and how and when the value must be published (Sections 6 and 9, Addendum II)
#* Changes to the duration of retention requirements (Section 12)
# EPDP-TempSpec Phase 1 Recommendation 27, concerning
#* updates to existing policies and procedures that touch on Registration Data
#* ICANN Org determined that 18 of 24 existing policies and procedures would be impacted by the Registration Data Consensus Policy, including outdated provision language, high-level issues, such as the relevance or inconsistency of an existing policy or procedure with the new Registration Data Consensus Policy, and implications for existing contractual provisions.
===Public Comments Summary Report===
On January 20, 2023, ICANN Org released its summary report on the 14 submissions it received. The summary identified several key themes, including:
# the need for clarification in sections 2, 3, 5, 6, 7, 9, 10, 12, and addendums I and II.
# areas in the drafted policy language did not accurately reflect the policy recommendations, such as "processing" in sections 1, the "scope" in section 2, the entirety of section 2.2, sections 3.8-3.10, and "consent" and "personal data" as they relate to the GDPR, the timeline in section 4, updates to section 5 to reflect events that have happened in the meanwhile, the use of "must" in sections 6, 7, 8, and 9, the use of "urgent," the proposed deadlines, and the lack of explanation for circumstances under which a request must be considered in section 10, issues with the specifics of logging in section 11, and the "minimum retention period" in section 12.
# the need to correct some of the redlines in the Additional Whois information Policy, the [[ERRP]], the [[Protection of IGO and INGO Identifiers in All gTLDs Policy|Protection of IGO and INGO Identifiers]], the CL&D Policy, the Thick Whois Transition Policy, the Transfer [[FOA]] and initial authorization, the [[TDRP]], the [[Inter-Registrar Transfer Policy|Transfer Policy]], [[UDRP]]-related documents, the [[Whois Data Reminder Policy]] (WDRP) Rules, and [[RDAP]]-related documents.
ICANN Org interpreted and summarized the public comments as outlining clarifications needed on requirements for the transfer of specific registration data from registrar to registry and the impact on the Thick WHOIS Transition Policy, changes needed to processing requirements for administrative and technical contact data elements and disclosure requirements, ensuring the Registration Data Policy is consistent with amended [[RA]] and [[RAA]], and updates to reflect the November 2022 adoption of The Network and Information Security ([[NIS2]]) Directive.<ref>[https://itp.cdn.icann.org/en/files/contracted-parties/public-comment-summary-report-registration-data-consensus-policy-gtlds-20-01-2023-en.pdf Public Comment Summary Report on Proposed Reg Data Consensus Policy, ICANN]</ref>
==References==
==References==
[[Category:EPDPs]]
[[Category:EPDPs]]