ICANN Resolutions » GNSO Council Policy Recommendations on EPDP Phase 2, Priority 2 Recommendations
Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.
Whereas, on 17 May 2018, the ICANN Board adopted the Temporary Specification for gTLD Registration Data (Temporary Specification) pursuant to the procedures in the Registry Agreement and Registrar Accreditation Agreement concerning the establishment of temporary policies.
Whereas, following the adoption of the Temporary Specification, and per the procedure for Temporary Policies as outlined in the Registry Agreement and Registrar Accreditation Agreement, a Consensus Policy development process as set forth in ICANN's Bylaws must be initiated immediately and completed within a one-year time period from the implementation effective date (25 May 2018) of the Temporary Specification.
Whereas, the Generic Names Supporting Organization (GNSO) Council approved the Expedited Policy Development Process (EPDP) Initiation Request (https://gnso.icann.org/sites/default/files/file/field-file-attach/temp-s...) and the EPDP Team Charter (https://gnso.icann.org/sites/default/files/file/field-file-attach/temp-s...) on 19 July 2018.
Whereas, the EPDP Team divided the work in two phases; Phase 1 completed with the adoption of the EPDP Phase 1 Final Report on 4 March 2019, at which point the GNSO Council indicated its non-objection, as required per the EPDP Team Charter, for the EPDP Team to commence work on a System for Standardized Access/Disclosure to Non-Public Registration Data ("SSAD") as well as other topics identified in Phase 2 of the Charter and/or carried over from Phase 1 (priority 2 items).
Whereas, the EPDP Team commenced its deliberations on Phase 2 on 2 May 2019 with the development of its work plan (see https://community.icann.org/x/6BdIBg);
Whereas, the EPDP has followed the prescribed EPDP steps as stated in the Bylaws, resulting in a Final Report delivered on 31 July 2020 with an updated version containing all minority statements submitted on 26 August 2020.
Whereas, the EPDP Team reached consensus on Recommendations 19 – 22.
Whereas, the GNSO Council reviewed and discussed the recommendations of the EPDP Team and unanimously approved all Priority 2 Recommendations on 24 September 2020 by a GNSO Supermajority vote (see https://gnso.icann.org/en/council/resolutions/2020#20200924-2).
Whereas, the GNSO Council vote exceeded the required voting threshold set forth in the ICANN Bylaws to impose new Consensus Policies on ICANN contracted parties.
Whereas, after the GNSO Council vote, a public comment period was held on the approved Recommendations, and the majority of comments focused on issues that were the subject of lengthy debates during the EPDP Team's Phase 1 and Phase 2 work and the Recommendations on these topics represent carefully crafted compromises.
Whereas, the Governmental Advisory Committee (GAC) was requested to raise any public policy concerns that might occur if the proposed policy is adopted by the Board (https://www.icann.org/en/system/files/correspondence/botterman-to-ismail...).
Whereas, the GAC responded to the Board's notice, and did not raise any public policy concerns that might occur if the recommended Consensus Policy recommendations are adopted by the Board.
Whereas, ICANN org analyzed the Recommendations and, based on current information and subject to further inputs from Data Protection Authorities and legal analysis, believes Recommendations 19-22 do not appear to be in conflict with (a) the GDPR, (b) existing requirements for gTLD registry operators and registrars, or (c) ICANN's mandate to ensure the stability, security, and resiliency of the Internet's DNS.
Resolved (2021.06.21.01), the Board adopts the GNSO Council Policy Recommendations 19-22 for a new Consensus Policy on gTLD Registration Data as set forth in section 3.6 of the Final Report.
Resolved (2021.06.21.02), the Board directs the President and CEO, or his designee(s), to develop and execute an implementation plan for the adopted Recommendations that is consistent with the guidance provided by the GNSO Council and to continue communication with the community on such work.
Why is the Board addressing this issue now?
The GNSO Council approved all of the final recommendations from the EPDP Working Group's Final Report dated 31 July 2020 at its meeting on 24 September 2020, and a Recommendations Report from the Council to the Board on the topic on 29 October 2020. In accordance with the ICANN Bylaws, a public comment period was opened to facilitate public input on the adoption of Recommendations 19-22. The public comment period closed on 22 January 2021. As outlined in Annex A of the ICANN Bylaws, the EPDP recommendations are now being forwarded to the Board for its review and action.
What are the proposals being considered?
The GNSO's recommendations concern policy guidelines for (i) public display of information related to registrations using privacy or proxy services; (ii) display and redaction of the registrant city field; (iii) required minimum period for registrars to retain registration data, and (iv) an amended ICANN purpose for processing registration data, related to the security, stability, and resiliency of the DNS. The full list and scope of the final recommendations can be found in Annex A of the GNSO Council's Recommendations Report to the Board (see https://www.icann.org/en/system/files/correspondence/fouquart-to-botterm...).
What significant materials did the Board review?
As required by the GNSO's PDP Manual, the EPDP Team reached out to all GNSO Stakeholder Groups and Constituencies as well as other ICANN Supporting Organizations and Advisory Committees for input during the early phase of the EPDP. The Working Group also held open community sessions at the ICANN Public Meetings that occurred during the lifetime of this PDP. In recognition of the condensed timeline the EPDP Team would be working under, the GNSO Council chose to invite two liaisons from ICANN Organization to participate directly within the EPDP Team: one liaison from ICANN's Legal Team and one liaison from ICANN's Global Domains and Strategy Division. The EPDP Team also sought input on potential implementation issues from ICANN org via the appointed liaisons. Public comment periods were opened for the EPDP Team's Initial Report, the EPDP Team's Addendum to its Initial Report and the GNSO Council's adoption of the EPDP Team's Final Report. The final recommendations as detailed in the Final Report were completed based on the EPDP Team's review and analysis of all the public comments and input received in response to its Initial Report.
What factors did the Board find to be significant?
The EPDP Team's Priority 2 recommendations were developed following the GNSO Expedited Policy Development Process as set out in Annex A of the ICANN Bylaws and have received the unanimous support of the GNSO Council. As outlined in the ICANN Bylaws, the Council's supermajority support obligates the Board to adopt the recommendations unless, by a vote of more than two-thirds, the Board determines that the recommended policy is not in the best interests of the ICANN community or ICANN. The Bylaws also allow for input from the GAC in relation to public policy concerns that might be raised if a proposed policy is adopted by the Board. The GAC has not raised this possibility with respect to these EPDP recommendations.
Are there positive or negative community impacts?
The Priority 2 recommendations result in the following positive impacts to the ICANN community: (i) ensuring that third-party requestors of non-public registration data are clearly notified, within the public directory, that a domain name registration is utilizing privacy or proxy services, and, accordingly request the redacted data only once (rather than having to perform two queries: one – to find out the data is protected by a privacy service, and another to the privacy service); (ii) permitting registrars to publish the registrant's city field in the public directory (Phase 1 recommendation required redaction of the registrants city in the public directory); (iii) establishing a required data retention period for registration data held by registrars; (iv) updating ICANN's purpose for processing registration data in line with security, stability, and resiliency concerns, in response to feedback from the European Data Protection Board. Additionally, the Board's approval of the Priority 2 recommendations will assist ICANN org in implementing the EPDP Phase 1 recommendations.
Are there fiscal impacts/ramifications on ICANN (Strategic Plan, Operating Plan, Budget); the community; and/or the public?
There may be fiscal impacts on ICANN associated with the implementation of policy recommendations. These would be related to the use of ICANN org resources to implement the recommendations.
Are there any Security, Stability or Resiliency issues relating to the DNS?
There are no security, stability, or resiliency issues relating to the DNS that can be directly attributable to the implementation of the EPDP recommendations.
Is this within ICANN's mission? How does this action serve the public interest?
Consideration of community-developed policy recommendations is within ICANN's mission as defined at Article 1, section 1.1(i) of the ICANN Bylaws. This action serves the public interest, as ICANN has a core role to coordinate the development and implementation of policies for which uniform or coordinated resolution is reasonably necessary to facilitate the openness, interoperability, resilience, security and/or stability of the DNS.