The European General Data Protection Regulation (GDPR) has negatively impacted the ability of legitimate third parties to access the domain name registration data contained within the WHOIS system. This issue remains one of the most critical in Internet policy for intellectual property owners, who have historically relied on access to such data for online enforcement purposes.
Following the adoption of the Temporary Policy on gTLD Registration Data by the ICANN Board in May 2018, pursuant to which the vast majority of WHOIS data was redacted from public view, community stakeholder representatives formed a working group known as the Expedited Policy Development Process Working Group (EPDP) to develop a permanent ICANN consensus policy on the processing of domain name registration data, including publication and access to non-public data. The initial phase of the EPDP work was completed in March 2019. During this phase,a permanent consensus policy was established in regards to the collection,storage, and publication of registration data. Based on this process, it was established that all public registration data would continue to be redacted from public view except for the registrant’s organization (if the registrant voluntarily identified one), their state or province, their country, and an anonymized email address or link to an online web form to communicate with the registrant, along with certain non-identifying information associated with the domain name (e.g. the registrar, creation and expiration dates, and name servers).
Following completion of EPDP Phase 1, the group reformed into EPDP Phase 2 to focus on the development of a Standardized System for Access and Disclosure (SSAD) of non-public registration data for third parties with a legitimate interest in obtaining such data.
EPDP Phase 2 - Designing a Standardized System of Access/Disclosure for Non-Public Data
The Phase 2 Working Group initially focused on the creation of “use cases” for third party access, including for intellectual property enforcement and related legal claims, cyber-security, and law enforcement, and then reviewed these scenarios to identify universal “building blocks” for the SSAD policy. These building blocks include elements such as an accreditation process for legitimate user sand certain safeguards for all SSAD users to ensure that disclosed non-public data is protected from further inappropriate dissemination or use beyond the stated legitimate purpose associated with a disclosure request.
Based on these concepts, and with the aid of outside legal advice, the Phase 2 Working Group reached a preliminary consensus to support a proposed centralized hybrid model for SSAD. Under this approach, ICANN or a designee will be responsible for the management of a centralized disclosure request system that will accept and correctly route disclosure requests to the applicable contracted parties (registry operator and/or registrar) upon receiving a request by an accredited entity. From an intellectual property perspective, there are several benefits to the creation of a hybrid model. Most notably, a third party requestor will experience ease of use by managing their requests through a single system,rather than having to route disclosure requests through multiple systems or individually to each applicable registry or registrar. This system will include an agreed-upon service level agreement in order for the requestor to be able to predict response times and other key aspects of using the system. That said, while these consolidation aspects of the system are beneficial for users, the system will still require individual assessments and responses by contracted parties to determine their ability to disclose the requested registration data based on the requirements of GDPR and potentially other applicable law in each case. Brand owners would strongly prefer a system that instead takes these individual assessments out of the hands of each registry and registrar but it was initially determined that a more automated or centralized decision-making approach might not comport with the requirements of the GDPR.
EPDP Phase 2 Initial Report - Public Comment Period
The Phase 2 Initial Report is now published for public comment. We strongly encourage all intellectual property owners and membership organizations advocating on behalf of IP owners to submit comments on this Initial Report through the public comment link on the ICANN website through the link above.
While the report is out for public comment until March 23, 2020, the Working Group will continue with its work in other areas not directly related to development of the SSAD, such as determining if there will be a distinction between data of legal versus natural persons and the redaction of the registrant city field from public registration data.
If you have any questions or would like assistance in preparing public comments on this matter, please contact any of the following Winterfeldt IP Group team members:
Brian J. Winterfeldt, email@example.com 202-903-4422
Griffin M. Barnett, firstname.lastname@example.org 202-759-5836