IGF 2018 WS #60
Data Protection, ICANN and WHOIS

Organizer 1: Nigel Hickson, ICANN
Organizer 2: Laurent Ferrali, ICANN

Speaker 1: Becky Burr, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Theresa Swinehart, Technical Community, Western European and Others Group (WEOG)
Speaker 3: Mary Uduma, Technical Community, African Group

Moderator
Online Moderator
Rapporteur
Format

Round Table - 90 Min

Interventions

The Session will be organised as an interactive round table; with no keynote speeches but answers freely given by participants and audience alike through questions posed by the moderator.

Initially the moderator will ask the audience (yes the audience not the speakers...) for some key issues they would like to be addressed in the Session.

ICANN Organisation (represented by Theresa Swinehart) to give a very brief overview of where we are in the "GDPR/WHOIS" process. The Moderator will then turn to the participants to seek their views on the importance of the WHOIS Database to them, why access to non-public data is important and the potential damage in not being able to access such.

The Moderator will also explore with panelsits, such as Mary Uduma, what other countries (and regions) are taking forward with respect to data protection legislation, but also the use non-European / US countries make of WHOIS information.

Diversity

We will ensure that the final participant line up is diverse in all aspects. While this is a requirement it is also necessary to have the sort of wide and comprehensive debate we are looking for. This is a global, not just a European issue. We also will have participants from different stakeholder groups.

In addition to the three confirmed speakers we have invited the Chair of the European Data Protection Board (Dr Andrea Jelinek https://edpb.europa.eu/sites/edpb/files/files/file1/cv_jelinek_engl_en…) and a representative from the Singapore Government (

This Background Session will discuss how ICANN has had to adapt to emerging data protection legislation, not least the European Union’s General Data Protection Regulation (GDPR) which came into effect in May. It will particularly focus on the changes which had to take place to the data made public on the WHOIS Database (which gives information on all domain names taken out) with respect, inter-alia, to personal information of registrants. It will discuss how different regional and national legislative initiatives can potentially affect the WHOIS and the potential implications this has for the law enforcement, IP protection and security professionals who currently make use of the WHOIS in the public interest. Conversely it will also address concerns on how personal data on the WHOIS has been misused in the past.

As noted this will NOT be a traditional format. From the start the Moderator will engage the physical and remote audience. He will ensure that it is issues that are raised by audience that are addressed by participants as well as pre-agreed questions. We will ensure there is a two-way dialogue from start to finish. No monologues, no PowerPoints (perhaps except for a few factual slides from ICANN org) though will, of course, allow participants breadth to fully answer questions.

The issue being discussed is wider than a generic discussion on data protection or privacy. It is essentially about how the global community ensures compliance with national and regional legislation (such as the EU GDPR) while also having continued access to critical data in the WHOIS database (for all domain name registrations) this is essential for law enforcement and other legal purposes as well as for protecting registrants from security threats (such as fraud). The issue is complex as one also has to ensure that those accredited / approved to have access to non public information respect the rights and privacy of domain name registrants.

Online Participation

On-line participation, for many reasons, will be a critical part of this Session. We want more than tweets but real contributions; which will be fed into session (to Moderator) so opinions can be linked to those from those people present. These will not be taken at end but on same basis as comments / questions in room. we will also encourage, as appropriate, the moderator to have the participants ask questions to on-line contributors

Laurent has direct experience on facilitating remote participation from ICANN Sessions.