ICANN refuses GDPR
The decision to refuse GDPR did not proceed without heavy deliberation. ICANN negotiated all the way up until May 25. Even making a last-minute decision to file an injunction against EPAG, instead of complying with GDPR. Their reason being, they needed more clarification, in order to proceed with GDPR adoption. Also, the courts were concerned with EPAG’s lack of address, which is required under the EU abs GDPR data collection guidelines.
EPAG is a European-based domain company stationed in Germany, which serves as ICANN’s primary domain acquisition service provider, for WHOIS data.
What makes most online businesses, such as ICANN, uneasy about these recent GDPR changes?
As an online data information service, ICANN’s exclusion from GDPR is risky, considering the business is founded by evaluating and allocating, online user content which has a likelihood of being frugality. Much of ICANN’s WHOIS data/WHOWAS database, is personal data acquired voluntarily and involuntarily. The data can be pulled with publicly available WHOIS tools.
How about strict compliance requirements, that are not only vague and unclear but potentially detrimental?
GDPR has permanently left their guidelines up for broad interpretation, which has left online businesses scratching their heads. What constitutes adequate online security for one business, could be determined to be inadequate by GDPR. The methodology of this new system leaves much room for misinterpretation, and as a few businesses have testified, GDPR is not shy about fining anyone not in compliance.
What is GDPR?
GDPR, or General Data Protection Regulation, is a policy adopted by the European Union in April 2016. Implementation of this new system was supposed to replace the EU’s outdated data protection system already in place. As part of the policy, European-based businesses, are required to implement GDPR-standard regulatory measures, in regards to protecting online consumer identity and transactions. Specifically, all online transactions conducted within states designated by the EU and outside the EU must adhere to these guidelines.
GDPR focuses on maintaining and amplifying universal public security. Specifications include regulation of SSN, IP addresses, and any personal information that may have been obtained via the business’ website. The GDPR intends to establish a uniformed data protection protocol amongst all members within the EU. However, it may be sometime before these measures are publicized.
ICANN Next Steps
On May 17, 2018, ICANN’s Board of Members devised alternative policy, one that was designed to resolve GDPR regulation issues but keeps the client’s private information safe. The policy referred to as Temporary Specification policy safeguards ICANN in the loom of the May 25th deadline.
The deadline to integrate GDPR was May 25, 2018.
As a fully functioning data retrieval business, ICANN was concerned that the GDPR standards were not clear enough. GDPR changes would require ICANN to reconfigure their already established security policies, and adopt new methodologies that would otherwise, not fit with their business practices.
ICANN argues that their implemented customer securities policies already address GDPR concerns to the highest standard. For ICANN the next steps have been, to make it clear to the EU and their clients, that the company has no desire to jeopardize its business-relationships and client confidentiality.