HomeInsightsICANN approves Temporary Specification for gTLD registration data to ensure compliance with GDPR


+44 (0)20 7612 9612

ICANN has approved a Temporary Specification for gTLD registration data to establish temporary requirements for how ICANN and its contracted parties (domain name registrars and registries) can continue to comply with existing ICANN contractual requirements and policies relating to WHOIS, while also complying with the GDPR.

ICANN says that the Temporary Specification aims to ensure the continued availability of the WHOIS system to the greatest extent possible while maintaining the security and stability of the internet’s system of unique identifiers.  Preserving the WHOIS system is critical to the stability and security of the internet, as it allows for the easy identification of cybercriminals, intellectual property infringement, and other malicious activity online.

The Temporary Specification provides a single, unified interim model that ensures a common framework for registration data directory services. It allows ICANN’s contracted parties to continue with the collection of registration data from both natural and legal persons, as well as technical information, in connection with a domain name registration.  The Temporary Specification only replaces certain provisions in the Registry Agreements and Registrar Accreditation Agreements, as well as policies.  All other current obligations remain in force.

ICANN’s contracted parties will be required to apply the model outlined in the Temporary Specification when processing personal data linked to the European Economic Area (EEA).  If impracticable for a contracted party to limit their application of the requirements strictly to the EEA, they may apply the requirements to registrations on a global basis.

To ensure compliance with the GDPR, access to personal data will be restricted to layered/tiered access, where only users with a legitimate purpose can request access to non-public data through registrars and registry operators.  Until a unified access model is in place, registries and registrars will have to determine which requests are permissible under the law.  Alternatively, users may contact either the registrant or listed administrative and technical contacts through an anonymised email or web form available via the registered name’s registrar.  Registrants may opt to have their full contact information made publicly available.  To read ICANN’s press release in full, click here.