IPC/BC Presentation: Community Work on Accreditation and Access - - PowerPoint PPT Presentation

ipc bc presentation community work on accreditation and
SMART_READER_LITE
LIVE PREVIEW

IPC/BC Presentation: Community Work on Accreditation and Access - - PowerPoint PPT Presentation

Feb 27, 2023 275 likes •368 views

IPC/BC Presentation: Community Work on Accreditation and Access Model for Non-Public WHOIS 26 June 2018 ICANN62 GAC Plenary Meeting Agenda Item 8 - GDPR Discussion Agenda | 2 Context & Timeline 25-May-2018 May-2019 New P/P

slide-1
SLIDE 1

IPC/BC Presentation: Community Work on Accreditation and Access Model for Non-Public WHOIS

26 June 2018 ICANN62 GAC Plenary Meeting Agenda Item 8 - GDPR Discussion

slide-2
SLIDE 2

| 2

Agenda

slide-3
SLIDE 3

25-May-2018 May-2019

ICANN Org Data Protection Authorities European Data Protection Board, EC, Governments

Legal Guidance

Article 29 Working Party

Temp Spec Enforcement

Binding Opinions

Temp Spec in Operation

New RDS Implemented Enforcement Advice

ICANN Community RDS (Registration Data Services) EPDP

Privacy/Proxy Services Accreditation

New P/P Services New RDS Policy

Context & Timeline

slide-4
SLIDE 4

Current Temp Spec Obligations for Registries and Registrars:

  • 4. Access to Non-Public Registration Data

4.1. Registrar and Registry Operator MUST provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interest pursued by the third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Registered Name Holder or data subject pursuant to Article 6(1)(f) GDPR.

from p.19 of the Temporary Specification approved by the ICANN Board, 17-May-2018

slide-5
SLIDE 5

Registrants Registries Registrars

Data Escrow Providers ICANN (Thin data)

Registrant Data for Public display

  • anonymized registrant email or web form
  • registrant organization
  • registrant state/province & country
  • primary & secondary name server(s)
  • information about Registrar
  • creation and expiration date of registration

Any Requestor with Legitimate Interest

Non-Public Registrant Data, for:

Access, via Website and Port 43

Accredited Requestors

“unless

  • verridden by

data subject rights”

slide-6
SLIDE 6

| 1

Importance / Basis for Authenticated Access to Data – D Taylor

The Past

  • Reverse WHOIS: Pattern of bad faith: One of the key elements when bringing a UDRP
  • A pivotal pointer for a Complainant to see if the domain name registration a one off /

accident / genuine fan site or part of a targeted infringement / phishing campaign

  • http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2014-2015
  • http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-1934
  • http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2016-2380

The Present

  • Post 25 May 2018 Public WHOIS dramatically changed. Now behind a curtain
  • Need for legitimate access
  • Radical change but no system for access in sync with this change
  • Who is benefitting most from GDPR and WHOIS? Internet phishers and infringers?
  • Individual requests to individual registrars with varied results
  • Varied responses: Refusal to provide? Delay providing? Misunderstanding of the law?
  • Manual one to one requesting is time heavy for everyone.

The Future

  • With the curtain drawn necessity to have an access and accreditation system
  • NB for a legitimate interest, not unfettered access by anyone to the personal data of

individuals for any purpose.

slide-7
SLIDE 7
slide-8
SLIDE 8