Presentation given to UCD Law School students, February 12, 2014. Gives an overview of ICANN and its function / role within the internet governance context. Moves into the conflicts between ICANN's contracts + policies with local laws, specifically privacy
10. Why
do
I
Care?
•
•
•
•
ICANN
–
gTLDs
(com,
net,
org
etc)
ICANN
-‐>
new
TLDs
-‐>
1000+
new
extensions
IANA
-‐>
ccTLDs
RIRs
-‐>
RIPE
–
LIR
–
ISP
-‐>
YOU
11. ICANN?
• US
(California)
CorporaZon
• Formed
1998
• Internet
CorporaZon
for
Assigned
Names
&
Numbers
• Co-‐ordinaZon
–
stability
/
security
/
compeZZon
12. ICANN
• All
registrars
selling
gTLDs
have
contract
with
ICANN
• Any
registry
operator
has
to
have
one
too
• If
you
want
to
register
/
buy
a
gTLD
domain
you
have
to
deal
with
a
“contracted
party”
directly
or
indirectly.
13.
14.
15. The
EU
Landscape
is
complex
(Sort
of)
•
•
•
•
•
ccTLds
gTLDs
Regional
TLD
-‐
.eu
Geo
TLDs
-‐
.london,
.paris
LinguisZc
/
Cultural
-‐
.cat,
.eus
etc
16.
17. Privacy?
• EU
has
privacy
laws
–
US?
Not
so
much
(though
they
don’t
like
being
reminded)
• European
Data
ProtecZon
DirecZve
95/46/EC
• DirecZve
-‐>
transposed
naZonal
law
-‐>
Data
ProtecZon
(Amendment)
Act
2003
• Art.
29
Data
ProtecZon
Working
Party
-‐>
DPAs
of
all
28
members
of
EU
18. Privacy
+
ICANN?
• Whois
policy?
• Data
policies
in
general
• 2013
contract
-‐>
specific
data
retenZon
requirements
(LEA
wanted
more)
19. EU
Registries
vs
ICANN
(Historical)
• .tel
–
delayed
due
to
whois
policy
• .cat
–
3
years+
to
get
a
whois
policy
change
+
comply
with
Spanish
law
22. Gelng
away
with
murder?
• EU
ciZzens
more
conscious
of
data
privacy
+
digital
issues
than
before
• Logically
the
risk
of
liZgaZon
has
increased
• Irish
DPC
being
sued
for
not
being
tough
enough
on
Facebook!
• Registrars
and
registries
at
risk?
• Is
ICANN?
Doubnul
–
they’re
sZll
safe
in
the
US!
25. 2013
RAA
• Illegal
contract
for
EU
based
registrars
• ONLY
1
EU
based
registrar
“granted”
waiver
• PotenZally
problemaZc
for
non-‐EU
registrar
with
EU
registrants
– Data
retenZon
– Data
elements
to
be
collected
– Periods
of
retenZon
26.
27. ArZcle
29
Working
Party
• 6th
June
le>er
to
ICANN
(
h>p://michele.cat/ch
)
• “..to
avoid
unnecessary
duplicaZon
of
work
by
27
naZonal
data
protecZon
authoriZes
in
Europe..
the
WP
wishes
to
provide
a
single
statement
for
all
relevant
registrars
targeZng
individual
domain
name
holders
in
Europe”
28. ArZcle
29
Working
Party
• 2013
RAA
obligaZons
NOT
based
on
legal
requirement
in
EU
• Risk
of
data
breach
-‐>
exposure
of
personal
data
• Opposes
Private
corporaZon
(ICANN)
introducing
data
retenZon
-‐>
naZonal
govt
should
do
it
(if
needed)
29. ArZcle
29
vs
ICANN
•
•
•
•
ICANN’s
responses
haven’t
been
helpful
Art
29
wrote
again
see:
h>p://michele.cat/eh
Google
France
have
learnt
the
hard
way
–
slapped
with
150k
fine
30. What
about
Whois?
• Art
29
WP
doesn’t
like
“open”
whois
• Most
ccTLDs
in
EU
“gate”
data
BUT
ICANN
forces
registrars
AND
registries
to
publish
EVERYTHING
by
default
• What
will
“Geo”
gTLDs
do?
31.
32. ICANN’s
response?
• Waiver
process
for
retenZon
/
collecZon
elements
of
2013
RAA
(see
h>p://michele.cat/cg
)
• No
change
on
Whois
“waiver”
process
(yet)
• ArZcle
29
le>er
rejected
33.
34. Impact
on
Registrars
/
Registries
• Delays
(they
cost
too)
• Cost
(lawyers
don’t
work
for
free!)
• ONLY
registrars
on
2013
RAA
can
offer
new
TLDs
–
so
we
(Blacknight)
can’t
• If
a
registrar
doesn’t
have
a
waiver
then
how
will
their
DPC
react?
• Is
it
worth
the
risk?
35. Waiver
=
how
long?
• Advantage
for
registrars
in
countries
with
other
registrars
• 45
days?
90
days?
Based
on
current
experience
-‐>
never?
• Timeline
published
by
ICANN
has
a
30
day
publicaZon
period
36.
37. Our
Experience
(so
far)
•
•
•
•
•
Delay
Submi>ed
request
on
September
17th
Received
basic
acknowledgement
same
day
Received
a
reply
on
October
25th
with
queries
SZll
going
back
and
forth
38. The
Future?
•
•
•
•
GAC
involvement?
ArZcle
29
WP
again?
EU
Commission?
ICANN?