Sorry, you need to enable JavaScript to visit this website.

ICANN Resolutions » GAC Advice regarding European Union General Data Protection Regulation (GDPR): San Juan Communiqué (March 2018)

Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.

GAC Advice regarding European Union General Data Protection Regulation (GDPR): San Juan Communiqué (March 2018)


Resolution of the ICANN Board
Meeting Date: 
Thu, 3 May 2018
Resolution Number: 
2018.05.03.01
Resolution Text: 

Whereas, the Governmental Advisory Committee (GAC) met during the ICANN61 meeting in San Juan, Puerto Rico and issued advice to the ICANN Board in a Communiqué on 15 March 2018 ("San Juan Communiqué").

Whereas, the San Juan Communiqué was the subject of an exchange between the Board and the GAC on 11 April 2018.

Whereas, the San Juan Communiqué includes advice concerning ICANN's proposed Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation (the "Interim GDPR Compliance Model").

Whereas, the Board has identified items of GAC advice in the San Juan Communiqué that are or potentially could be inconsistent with proposed actions the Board is considering taking to adopt the Interim GDPR Compliance Model.

Whereas, the Bylaws require that "[i]n the event that the Board determines to take an action that is not consistent with Governmental Advisory Committee advice, it shall so inform the Governmental Advisory Committee and state the reasons why it decided not to follow that advice" and the Board and GAC are required to enter into a Bylaws Consultation process.

Resolved (2018.05.03.01), the Board has determined that it may take an action that is not consistent or may not be consistent with the GAC's advice in the San Juan Communiqué concerning the GDPR and ICANN's proposed Interim GDPR Compliance Model, and hereby initiates the required Board-GAC Bylaws Consultation Process required in such an event. The Board will provide written notice to the GAC to initiate the process as required by the Bylaws Consultation Process.

Rationale for Resolution: 

Article 12, Section 12.2(a)(ix) of the ICANN Bylaws permits the GAC to "put issues to the Board directly, either by way of comment or prior advice, or by way of specifically recommending action or new policy development or revision to existing policies." In its San Juan Communiqué (15 March 2018), the GAC issued advice to the Board on various matters including ICANN's proposed approach to address compliance with ICANN's agreements with registries and registrars in relation to the European Union's General Data Protection Regulation (GDPR).

The ICANN Bylaws require the Board to take into account the GAC's advice on public policy matters in the formulation and adoption of the polices. If the Board decides to take an action that is not consistent with the GAC advice, it must inform the GAC and state the reasons why it decided not to follow the advice. Any GAC advice approved by a full consensus of the GAC (as defined in the Bylaws) may only be rejected by a vote of no less than 60% of the Board, and the GAC and the Board will then try, in good faith and in a timely and efficient manner, to find a mutually acceptable solution.

At this time, the Board's current thinking and approach to addressing the GDPR in relation to ICANN's agreements with registries and registrars is inconsistent or could be viewed as inconsistent with certain items of the GAC's advice in the San Juan Communiqué. Given this, the Board is taking action at this time to initiate the process that is required prior to the Board taking an action that is not consistent with the GAC's advice. As part of the process, the Board is required to, and will provide a written response to the GAC indicating: (1) whether it has any questions or concerns regarding such advice; (2) whether it would benefit from additional information regarding the basis for the GAC's advice; (3) and a preliminary indication of whether the Board intends to take such advice into account. The Board's response will be the subject of an exchange between the Board and the GAC.

In taking this action, the Board reviewed various materials, including, but not limited to, the following materials and documents:

San Juan Communiqué (https://gac.icann.org/contentMigrated/icann61-gac-communique)
Process for Consultations between the ICANN Board of Directors and the Governmental Advisory Committee (https://gacweb.icann.org/download/attachments/27132063/2013-04-07-Process forConsultations between ICANN and GAC.doc?version=1&modificationDate=1376102118000&api=v2)
Taking this action will have a positive impact on the community because it will assist with resolving the advice from the GAC concerning ICANN's proposed approach for enforcing compliance with agreements with registries and registrars in relation to the GDPR. There are no foreseen fiscal impacts associated with the adoption of this resolution as the first step of the process, which requires an exchange between the Bord and the GAC, is anticipated to be conducted telephonically. Approval of the resolution will not impact security, stability or resiliency issues relating to the DNS. This is an Organizational Administrative function that does not require public comment. This action is in support of the public interest and ICANN's mission as it will assist in ensuring that public policy considerations are appropriately taken into account in proposed actions by the ICANN Board concerning GDPR compliance.