GDPR changes
With GDPR coming into force, this was considered the last large public meeting. ICANN has a significant chance which could be considered its last in the attempt to merge the community together and create a path heading towards compliance. Now with several days in Puerto Rico it’s been reported that ICANN.org could miss this great opportunity. It’s noted that many of ICANN staff and the board along with particular stakeholder constituencies are just not prepared to take on changes that are required to meet the GDPR changes and compliance. The denial starts with the stakeholders who drive ICANN decision-making when it comes to who is reform. Their goal seems to be to hold onto the old WHOIS database while using GDPR complaints. They are light on unrealistic rationalizations and procedural loopholes in considering legal risk and compliance which keeps them doing the same thing as before. Fines and lawsuits will definitely hit the ICANN community.
Litigation is Coming
This blog thesis is to give them what they ask for. It should be a certain reality that preparation for litigation is, in fact, the possibility. Documentation should be done carefully and calmly to show how ICANN fails reforms, doesn’t meet and misses all general GDPR tests. It should also be noted that ICANN contracting parties face risk of being sued as well. That said, all litigants will be cheered on with support as they are given help regarding funding until ICANN ceases the game playing and decides to make simple reforms that are needed regarding basic data protection.
What accounts for this?
There are several things, but the main one is when ICANN released a proposal on March 8th regarding an interim model for GDPR compliance. It clearly shows in attachment 3, on page 56, there is a drastic reduction to data that Whois will display publicly. Before the celebrations begin, it’s imperative one see and read the attachment appearing on page 58. It reveals that ICANN is attempting to escape the serious data protection laws by using a “tiered” access. This basically means that the data, most of it, won’t be available to those who make queries on a domain, but it can be found by certain accredited parties.