General Data Protection Regulation

Revision as of 23:51, 31 January 2018 by Dustin Loup (talk | contribs)

Global Data Protection Regulation (GDPR) or Regulation (EU) 2016/679[1] is a piece of legislation collaboratively drafted for the data protection of the citizens of the European Union. The regulation is also an update of Data Protection Directive.

The GDPR places specific legal obligations on 'processors' and 'controllers', those who acts as intermediaries between the user/consumer and themselves, the government or any other actor. The controller determines how and why data is processed and processors act on the controller's behalf. Processors maintain data records and are held responsible in case of a breach.

With the update on existing legislation, the GDPR is more precise and inclusive of what constitutes private information than its predecessor. Personal data, that is anything that can identify a user, including an IP address is included, as well as 'sensitive personal data' which may include genetic and biomedical data.

The GDPR will be will apply from May 25, 2018 forward. EU Member States have until May 6, 2018 to embedded the legislation into their national law.[2]

ICANN's Response edit

In response to the May 2017 decision by the European Union, ICANN CEO, Göran Marby along with Akram Atallah formed an internal task force devoted to the matter. The task force is comprised of senior leaders and experts focused on parallel tracks: contracted parties and engagement, and the ICANN organization. The task force will determine how the legislation fits under ICANN's purview, as well as working with registries and registrars to problem-solve and reexamine how the legislation impacts them. This work will take place as part of the multistakeholder process and will be discussed more in depth at ICANN59 in Johannesburg, South Africa.

References edit