GDPR and domain name resellers, 20 million reasons to read this.

Companies will face very harsh punishments for infringements under the GDPR. Art. 83 Paragraph 5 of the GDPR offers the supervising authorities the possibility of imposing fines of up to 20 million Euro or, for corporations, up to 4% of the worldwide turnover of the preceding financial year.

 

Tick tock, tick tock, goes the clock
The EU GDPR will go into effect May 25th, 2018. It looks like there is still a lot of time, but actually, there is not much time left to prep your organization for the GDPR!

Most of your company’s operations will be affected by the GDPR, from your human resources to your marketing department. Policies and processes need to be reviewed, altered and communicated. Privacy by design will be key.

From a wholesale registrar perspective, the impact of the GDPR in combination with domain names is relatively low.
However, the impact for you as a reseller is a massive one.
In respect to registering domain names, your company, as the data collector, sends a lot of Personally Identifiable Information (PII) all over the globe. Be it a ccTLD registration or a gTLD registration.
The GDPR will affect all of our resellers who deal with European citizens as customers even if you, as a reseller are not located in the EU.

We at Realtime Register will, however, assist you in the upcoming struggle.

Privacy protect
As you may have read in one of our previous blog posts, we will offer our privacy protect services for free for our resellers.
This will make sure that you can comply with the EU GDPR and ICANN regulations without too much hassle. We strongly suggest to evaluate your customers and see who will require this service. The easiest and safest way is to use Privacy protect by default for your customers.
For Dutch resellers, who have so-called ZZPers as customers, by law they are exempt from the demanded privacy. However, the GDPR did not take into account how these self-employed business owners should be treated, as the lines between being a professional and a natural person often cross each other.
If you make mistakes here and you forget to enable privacy protect and your customers PII is unprotected, you will be risking the high fines as mentioned earlier. Forgetting about (overlooking) a customer or customers could result in a data breach.

Currently, we are working with a leading juristically advice agency to set up a deal for several services including the new agreements and privacy statement you will need; more details will follow soon.

Some aspects of exporting PII data outside the EU and ccTLD registries (and several others) are still not clear. We will inform you about this as soon as there is more clarity on this subject.

The bottom line, when it comes concerning the GDPR to the GDPR, think twice about how you deal with PII. Be prepared the GDPR will be affecting your business in more ways than you expect.

Other geographical areas
China already introduced severe privacy laws, and companies need to comply early 2018. Overall there are over 100 countries with data protection laws, and 46 countries are currently drafting data protection laws similar to the GDPR.

It is a shame that ICANN and a lot of Registries do not support the privacy by design principle, at the moment, this would have made our lives a lot easier. Perhaps ICANN and Registries should consider the following.

On December 10, 1948 the General Assembly of the United Nations adopted and proclaimed the Universal Declaration of Human Rights.

Article 12:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

So let us be sensible about privacy.

 

 

 

 

The ICANN GDD summit 2016 kicks off in Amsterdam, May 16-19, 2016

Not your usual suspects

This summit has a different setup compared to regular ICANN meetings. The main difference is that only the contracted parties will be engaging, i.e. Registrars and Registries and of course ICANN, allowing us to deal with topics that normally aren’t on the agenda.

English: This is a logo for ICANN. Magyar: ICA...

English: This is a logo for ICANN. Magyar: ICANN logo (Photo credit: Wikipedia)

What’s on the menu?
A whole array of topics will be discussed during these three days. Let me give you a little background information regarding some of the sessions.

TLD & Universal Awareness, not to be confused with Universal Acceptance.
Reality has kicked in for the Registries: the registration projections for the new gTLDs have now been replaced by more realistic numbers and everyone agrees that the new gTLDs are in for the long haul. This session, led by the Domain Name Association (DNA), will discuss how we can all create more awareness.

New gTLDs: Getting to the next round
That’s right: there will be a next round. I predict that, somewhere around 2020, you can apply for new TLDs again. There is some talk that this round will be mostly used for brands to apply for their own TLD. On the other hand, ICANN warned 200 brand owners to move ahead with their TLDs as they have made zero progress in the current round. All things considered, it will be an interesting discussion for sure.

Healthy Domains Initiative (HDI)
Botnets, malware, phishing: abuse comes in many forms and is becoming a threat to our industry. The threat being that governments will try to get a grip on this. Governments are usually not technical driven organizations and, even worse, often do not understand technology. In my opinion this makes them the least likely candidate to deal with this “abuse” problem. In conclusion: we need to get ahead of this issue.

Universal Acceptance (UA)
In my opinion this might be the most important topic of the summit. Let me explain the issue with an example.

The TLD .SOCIAL suddenly became very popular in South America a year ago. A lot of people there registered .SOCIAL only to discover that the Internet Service Providers (ISP) in South America where not supporting .SOCIAL. In fact, .SOCIAL was not working at all. Moreover, most of the ISP operators had no idea that a lot of new extensions had been released, causing major problems in all layers of the networking infrastructure.

This problem is still ongoing and ranges from apps not supporting new gTLDS to email servers not delivering email. Even though ICANN cannot solve this problem, the corporation does support the Universal Acceptance Group by any means to get this issue under control.

Room for more.

There is more on the menu during the summit for sure, but in my opinion, the topics mentioned above are the most interesting ones. Nevertheless, I expect the rest of the topics to be pretty good as well. Stay tuned for an update after the summit. Interested in all topics? You’ll find the complete agenda here.

ICANN 44 a week in review

ICANN 44 Prague was a busy event and produced a lot of news and new information.

Friday June 22 : ICANN announces it’s new CEO and President Fadi Chehadé.

Saturday June 23 : The biggest news this day must have been the fact that ICANN

ICANN Logo

suspended the Digital Archery system and later in the week abandoned it completely.
Sunday June 24 : A number of registrars participated in a briefing with the Governmental Advisory Committee (GAC) regarding the Domain Name Marketplace and the role of registrars in the ecosystem.
Points being discussed with the GAC.

  • Registrar business models
  • the role resellers play
  • the diverse nature of the RrSG (Registrars Stakeholder Group) members

Monday June 25 : The RrSG met directly with representatives from the Law Enforcement community on Monday to provide them an update and to update them on the status of the 12 requests they had previously indicated were important. The RrSG has accepted 10 of the 12 proposals.
Outstanding issues are WHOIS verification and Data Retention.
In the evening ICANN CEO Rod Beckstrom had it’s farewell party which was largely attended.

Tuesday June 26 : Tuesday was a busy day for the Registrars.
RAA (Registrar Accreditation Agreement) discussions
gTLD discussions about the implications for Registrars and it’s Resellers/Customers.
The Executive Committee of the RrSG met with the ICANN Board Tuesday afternoon. Main topics were the new RAA and gTLDs.
A healthy interaction with the ICANN compliance team.
ICANN renews the .com contract with Verisign.

Wednesday June 27: WHOIS replacement workshop. A few observations from this workgroup.

  • No uniform data model that exists for domain name registration data.
  • The WHOIS protocol itself has no standard capacity for handling non-ASCII text.
  • Directory services do not satisfy legitimate needs for access to different granularities of data.

Replacing the current WHOIS system as we know it, is one of the top priorities of ICANN’s priority list.

Participation as a panel member regarding the IRTP Part C Update. This workgroup is gathering information to recommend a control function for domain name owner changes.

No further news on the URS. ICANN has not selected an URS provider yet.

Thursday June 28 : Participation as a panel member regarding the locking of a domain name during an UDRP (Uniform Domain-Name Dispute-Resolution)
Most noteable was the public forum. This session lasts around 5 hours and includes a variety of topics. This is a session where anyone and everyone can ask their questions or make comments to the ICANN board.

ICANN 44 Statement from the Registrar Stakeholder Group

The Registrar Stakeholder Group (RrSG) would like to provide this statement regarding the current status of RAA negotiations and the update posted on the ICANN website on June 4, 2012.
The RrSG and its representatives on the Negotiating Team (NT) have been actively involved in discussions with ICANN staff and is pleased to see substantive progress reported to the community in advance of the upcoming ICANN meeting in Prague.

ICANN Logo

Among the issues that have been agreed to include improved registrar response and

availability to law enforcement, registrar abuse point of contact, publication of registrar information, establishment of an ICANN accreditation for privacy/proxy service as well as many other important issues which have been identified both by law enforcement and the greater community.

As ICANN points out in the documents recently released, several issues remain outstanding including:

 

  • Whois verification/validation
  • Data retention
  • Future RAA amendments process
  • Registrar obligations to support certain technologies which today are optional
  • Port 43 whois access for thick registries

The RrSG fully agrees that several of the open items require input and discussion from the broader community as they contemplate significant changes to the domain name ecosystem as it exists today, and will impact the expansion of the Internet to new users and new regions of the world. We believe the upcoming meeting in Prague will provide an excellent venue for initiating these discussions and the RrSG looks forward to participating in those conversations.

 

More information about the RAA 2012 can be viewed here.

 

Currently 889 gTLD applicants.

According to a post from ICANN there are currently 889 users registered in the TLD Application System (TAS). Each user can apply for 50 TLD’s. 50×889 = 44450. A staggering number that surely will not be met. Industry experts expect around 2000 applications.

Tremendous anticipation, planning, and work drove toward 12 January, 2012, the day ICANN began accepting applications for new gTLDs.

Organizations who choose to apply to operate a top-level domain have merely begun a journey that will most likely carry them into 2013. If you’re curious about the next phases of ICANN’s New gTLD Program, here are highlights of what to expect.

 

In early May, approximately two weeks after the new gTLD application window closes, ICANN will publish a list of the applications and who has applied for which domain name. Until then, ICANN will not comment publicly about any specific application, the total number of applications received, or who has submitted applications.

Related articles