MENU
  • Enom.com
  • Resellers

Enom Blog

April, 2019
Archive

  • Updates from ICANN64 – Kobe, Japan

    April 8, 2019

    Industry Insight, News

     Like

    Views: 2172

    A small delegation from Tucows attended ICANN64 in Kobe, Japan, and we want to share a few quick highlights about the progress made in some key areas.

    RDAP Working Group

    RDAP, everyone’s favorite new registration data access protocol, is now in the implementation phase. This means that registrars and registries must implement RDAP according to the documented profile requirements by August 26, 2019.

    As we’ve mentioned before, Tucows has already implemented the original version, so we’re now reviewing the final profile to understand what minor updates are needed. The RDAP Working Group recognizes that the current profile is based on the Temp Spec and will need to be modified to align with the policy coming out of the EPDP. As members of the RDAP Working Group, we’ll be participating in that process and making sure we’re on top of any further changes.

    Access to Whois Registration Data

    ICANN’s Technical Study Group on Access to Registration Data, which we’ll refer to as the “TSG,” met with several different groups during ICANN64 to present information about their work and answer questions from the community.

    Leading up to the conference, they were focused on developing a “straw man” technical model that uses RDAP to operationalize the EPDP’s upcoming “Standard Access” (Phase 2) Model. The TSG team members confirmed that they do not plan to build the system they are designing; instead, the objective was to create a Model that can be presented to the European Data Protection Board (EDPB) for review and feedback.

    ICANN CEO Göran Marby’s idea seems to be that if the EDPB signs off on this Model, registrars and registries could follow it when providing Personal Data to ICANN for disclosure to third parties, and this would bring a reasonable expectation of “diminished liability.” However, many of us are concerned that the EDPB will not be able to base any decision off the TSG’s Model — they would most likely also require the accompanying Policy. This policy does not exist yet — it will come out of the EPDP Phase 2 work — and until it does, any request to have the EDPB review the Model is premature and ineffective.

    Additionally, as we were reminded by Cathrin Bauer-Bulst from the European Commission, any statement by the EDPB that the Model is acceptable could easily be retracted in the future; it’s not a guarantee of legality. The TSG team has a face-to-face meeting planned for mid-April to finalize their report, after which it will be handed back to ICANN’s CEO.

    Phase 2 of the EPDP & next steps for the IRT

    The EPDP team met four times over the course of the ICANN64 conference, primarily focusing on planning for Phase 2 of their work: the creation of a Standard Access Model for disclosure of non-public registration data.

    There was also discussion about convening an Implementation Review Team to bring the Phase 1 recommendations into reality and how to bridge the Implementation Gap period between when the Temp Spec expires (May 25 2019) and when the EPDP recommendations become mandatory policy (February 29 2020).

    The team is still looking for a new Chair, as Kurt Pritz stepped down following the end of Phase 1. His admirable leadership and calm in the face of contentious issues will be difficult to replace. In the coming days, the EPDP team will continue to work with ICANN leadership to determine exactly how to proceed with these next steps. The Tucows team will be an active voice in that discussion, and we will keep our resellers up-to-date as things develop.

    Read More

  • ICANN Updates: EPDP Phase 1 Final Report

    April 3, 2019

    Announcement, GDPR, Industry Insight

     1

    Views: 1285

    woman looks over EPDP Phase 1 Final Report

    ICANN’s Expedited Policy Development Process (EPDP) team has issued their Phase 1 Final Report, marking the end of this stage of the project. The recommendations from this Report will become mandatory as of February 29, 2020, but contracted parties (registrars and registries) are permitted to implement them sooner. We’re still determining what specific changes we’ll need to make, but here’s an overview of the expected operational impacts that you should be aware of.

    Changes to which data elements are required for ICANN-regulated TLDs

    The EPDP team has recommended that:

    • the Admin contact no longer be used at all
    • the Tech contact be entirely optional and minimized: only name, phone number, and email address.

    Needless to say, we are pleased with this outcome. For months now, Tucows has argued against the continued mandatory collection of Admin and Tech contact data, as it violates the GDPR’s requirement for data minimization. We still allow our reseller partners to pass along these data sets, but we only use them if the registry specifically requires them; if they do not, we simply hold these data on our platform and do not share them with the registry or data escrow provider.

    How is OpenSRS handling this change?

    OpenSRS will need to delete the Admin contacts we hold for existing domains, unless it’s used for a TLD where the registry contractually requires an Admin contact. Before we delete any data, however, we’ll make sure that the registries have made the required changes on their side. This will ensure that no registrations fail at the registry level due to “missing data.” An additional point to consider is that some domains registered under the 2009 RAA rules do not have any associated Registrant contact info, because at the time the domain ownership information was stored in the Admin contact fields. We’ll ensure that the domain owner information is up to date before removing any of the Admin contact data.

    What should resellers do?

    We’re doing our best to minimize any work these changes could create for resellers. Right now, our suggestion is to audit which fields you currently list as mandatory in any signup and domain update forms that you provide to your customer base. You may need to make some adjustments and be ready to implement them once the recommendations outlined above are officially required. We’ll provide plenty of notice before implementing changes on our end.  

    Changes to which data are displayed in the public Whois

    The public Whois record will continue to be mostly redacted. However, the EPDP has recommended that registrars display the registrant state and country fields. We’ll soon begin work to reflect this change in the Whois data output for all domains under our accreditation.

    Special case: publishing registrant Organization Whois data

    In theory, the Organization field holds non-personal data, so displaying it in the public Whois should not be an issue. In reality, however, the Organization field frequently does contain personal data. For this reason, the EPDP team has recommended that the Organization field should be published, but only in a way that avoids the accidental exposure of personal data.

    So, how will this be accomplished?

    Registrars have been asked to contact all existing domain owners to confirm whether or not they want their Organization info published. If the registrant opts in, the registrar can then publish the Organization data. If the registrant does not opt into publication, or does not respond at all, the data in the Organization field can either be kept on file with the registrar but redacted from the public Whois, or deleted entirely.

    What should resellers do?

    For the long-term, the EPDP team recommends a more proactive approach where a “disclosure, disclaimer or confirmation” is presented to domain owners as they enter data into the Organization field. This notice would explain both options and give the registrant the opportunity to decide if they want this information published or not. If you collect data through an online sign-up form, you may want to consider how to incorporate this notice. We’re considering how to best implement this recommendation in a way that will be clear to domain owners and represent a minimal workload for our resellers.

    Changes to which domain name contact data are shared  

    Much of the heavy lifting here has been done. As part of our initial GDPR implementation last year, we did a full audit of our TLD offerings to determine which data elements should be shared with the registry by default, as required under our contract with the registry, and which should only be shared if the domain owner gives their explicit consent to do so.

    Over the next few months, we expect to receive updated contracts from all the ICANN-accredited registries we work with. Depending on what the various registry contracts include, we may make adjustments to our data processing framework. We could end up sharing more or less data by default for specific TLDs, and may stop the collection of some “optional” data elements.

    What should resellers do?

    These adjustments will not create any work for you, the reseller, but you should be aware that some of the TLD-specific data sharing settings will be adjusted. You can always refer to Tucows’ Data Use Information page for details about the legal basis for processing the data we collect for any TLD.

    Next steps

    Hopefully, this review has left you with a good sense of what to expect over the coming months. We’ll have more updates as the EPDP team begins Phase 2 (Standard Access Model, formally referred to as the “Unified Access Model”) and works through the Implementation Review Team (IRT) process, which will turn these Phase 1 recommendations into actual policy.

    Read More

FEATURED POSTS

  • Our Ongoing Commitment to Combatting DNS Abuse

    October 18, 2019

  • We’ve refreshed our Webmail

    June 19, 2019

  • Colleagues review ICANN's temporary specification requirements.

    What Domain Resellers Should Know About ICANN’s Temporary Specification

    September 18, 2018

  • keys on surface.

    Enom’s Tiered Access Directory (gated Whois)

    June 19, 2018

CATEGORIES

  • Advice
  • Announcement
  • Developers
  • DNS
  • Featured
  • Fun
  • GDPR
  • Industry Insight
  • New TLDs
  • News
  • Premium Domains
  • Promotion
  • Resellers
  • Roadmap
  • SSL
  • Uncategorized
  • WTB

ARCHIVES

  • November 2019
  • October 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • January 2016
  • December 2015
  • November 2013
Support

Report Abuse
Help Center
Contact Us

Resources

WHOIS Lookup
Maintenance Alerts
Developers
Products & Services

Domain Name Search
Premium Domains
Web Hosting
SSL Certificates
Website Builder
Basic Email
Bulk Tools

© 2019 Enom Blog |