Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday June 01 2018, @09:28PM   Printer-friendly
from the yes,-that-means-you,-too dept.

https://www.techdirt.com/articles/20180531/06500839947/icanns-pre-emptive-attack-gdpr-thrown-out-court-germany.shtml

The EU's General Data Protection Regulation (GDPR) has only just started to be enforced, but it is already creating some seriously big waves in the online world, as Techdirt has reported. Most of those are playing out in obvious ways, such as Max Schrems's formal GDPR complaints against Google and Facebook over "forced consent" (pdf). That hardly came as a shock -- he's been flagging up the move on Twitter for some time. But there's another saga underway that may have escaped people's notice. It involves ICANN (Internet Corporation for Assigned Names and Numbers), which runs the Internet's namespace. Back in 2015, Mike memorably described the organization as "a total freaking mess", in an article about ICANN's "war against basic privacy". Given that history, it's perhaps no surprise that ICANN is having trouble coming to terms with the GDPR. The bone of contention is the information that is collected by the world's registrars for the Whois system, run by ICANN. EPAG, a Tucows-owned registrar based in Bonn, Germany, is concerned that this personal data might fall foul of the GDPR, and thus expose it to massive fines. As it wrote in a recent blog post:

We realized that the domain name registration process, as outlined in ICANN's 2013 Registrar Accreditation Agreement, not only required us to collect and share information we didn't need, it also required us to collect and share people's information where we may not have a legal basis to do so. What's more, it required us to process personal information belonging to people with whom we may not even have a direct relationship, namely the Admin and Tech contacts [for each domain name].

All of those activities are potentially illegal under the GDPR. EPAG therefore built a new domain registration system with "consent management processes", and a data flow "aligned with the GDPR's principles". ICANN was not happy with this minimalist approach, and sought an injunction in Germany in order to "preserve Whois data" -- that is, to force EPAG to collect those administrative and technical contacts.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by maxwell demon on Saturday June 02 2018, @10:45AM (3 children)

    by maxwell demon (1608) on Saturday June 02 2018, @10:45AM (#687639) Journal

    So you are saying the ICANN is not involved when an European individual or company registers a domain name?

    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by The Mighty Buzzard on Saturday June 02 2018, @11:42AM (2 children)

    I'm saying EU residents go to ICANN not the other way around.

    --
    My rights don't end where your fear begins.
    • (Score: 2) by coolgopher on Sunday June 03 2018, @02:12AM (1 child)

      by coolgopher (1157) on Sunday June 03 2018, @02:12AM (#687886)

      ICANN is still registered as a US entity, is it not?