Data Protection/GDPR TLD Guidance Matrix

Posted on 4 April 2018

I think this is the first blog where I start with phrases like;

  • We are not done yet
  • Guidance only
  • We are not done yet
  • By no means legal advise
  • Best effort only
  • We are not done yet

While we are not done, we are trying to get this matrix as complete as possible before May 25; we do expect that we will still be updating the matrix way beyond May 25.

Back in 2016, I was under the impression that our industry would work together and come up with solutions to make things easier when it comes to the …

Berlin Group to ICANN, WHOIS is not your only GDPR problem

Posted on 9 March 2018

Just before ICANN 61, ICANN and its community received essential information regarding WHOIS and the GDPR and more.
The latest statement and recommendations are from the Berlin Group (International Working Group on Data Protection in Telecommunications and Media or IWGDPT).

The Berlin Group started out in 1983 on the initiative of some national data protection authorities; nowadays members include government agencies, representatives of international organizations and IT experts from all over the world.

So basically we have the opinion on ICANN and registrant data and WHOIS vetted by all the members of the International Conference of Data Protection and Privacy …

Update on publication of personal data in the WHOIS / RDS

Posted on 18 January 2018

There has been a considerable debate whatever ICANN will enforce the contractual agreement between registrars and registries to display personal data in the WHOIS.

Publication of personal data in the WHOIS is usually in conflict with many data protection laws around the world.

The EU GDPR and its substantial non-compliance fines seem to sway the discussion into a direction where ICANN needs to come up with solutions. And they did: ICANN published several models that propose to limit the publication of personal data in the WHOIS. The next step is that the ICANN community analyzes these models.

The models created …

GDPR update, legal definitions and possible action items.

Posted on 18 January 2018

Below, a quick update and some information which is crucial to you as a reseller regarding the GDPR.

Privacy notice
We should have the privacy notice ready for you at the end of February.

Processing agreement
We expect to send this to our resellers at the end of February, given the vast amount of different jurisdictions and number of registries this may be delayed by a few weeks.

The processing agreement is required for your contractual agreements between you and our customers.

Legal definitions

  • ICANN, joint data controller
  • gTLD registries, joint data controller
  • ccTLD registries, data controller
  • Realtime Register (registrar), …

Why Registrars require an EU based Escrow provider

Posted on 12 October 2017

Domain names, registrant data and data protection, they all have a long history in the ICANN universe. Let’s do some time traveling and let me take you back in time, starting a decade ago…

March 2007
ICANN de-accredits RegistryFly, this disaster demonstrates clearly that Registrars should escrow registrant data to an escrow provider in case a registrar goes “down.”

To counter the RegistryFly disaster, ICANN introduced escrow requirements, ICANN picks up the bill, but of course, indirectly the registrars are paying for it, how much is unknown though, as we do not know how much ICANN is paying Iron …

GDPR and domain name resellers, 20 million reasons to read this.

Posted on 12 October 2017

Companies will face very harsh punishments for infringements under the GDPR. Art. 83 Paragraph 5 of the GDPR offers the supervising authorities the possibility of imposing fines of up to 20 million Euro or, for corporations, up to 4% of the worldwide turnover of the preceding financial year.

 

Tick tock, tick tock, goes the clock
The EU GDPR will go into effect May 25th, 2018. It looks like there is still a lot of time, but actually, there is not much time left to prep your organization for the GDPR!

Most of your company’s operations will be affected by …

EU GDPR, is consent the Silver Bullet for Domain Name Registrations?

Posted on 27 September 2017

Update:28-11-2017

According to the Dutch DPA, consent is not the silver bullet. 

https://autoriteitpersoonsgegevens.nl/en/news/dutch-dpa-unlimited-publication-whois-data-violates-privacy-law

This will make ccTLD registrations outside of the EU for natural persons very problematic and perhaps such registrations should be avoided, though this is not legal advice in any shape or form. 

Consent is often cited as the Silver Bullet to transfer data outside of the EU.The requirements, however, can be rather complex given the fact how registries/ICANN process and control the data.

The rules according to Art.6.1(b).

Data subjects are provided with a clear explanation of the processing to which they are consenting; The consent mechanism …

The most important GDPR requirements at a glance

Posted on 11 September 2017

The article below is a partial copy of this fact sheet by Legalist and was used with its consent. (De Nederlandstalige versie staat hier)

The General Data Protection Regulation (GDPR) is a new pan-European privacy law. From 25 May 2018, your organization must comply with this strict new law. So, what is changing? And what do you need to change?

1. Your activities are much more likely to be covered by eu privacy legislation
If your organization processes personal data of a person who is in the EU, you must comply with the GDPR. It does not matter …

De belangrijkste eisen van de AVG

Posted on 11 September 2017

Het onderstaande artikel is met toestemming grotendeels overgenomen van het factsheet Algemene Verordening Gegevensbescherming door ICTRECHT.

Een nieuwe privacywet voor heel europa, dat is wat de Algemene Verordening Gegevensbescherming (AVG of GDPR in het engels) ons brengt. Vanaf 25 mei 2018 moet ook uw organisatie voldoen aan deze strenge nieuwe wet. wat gaat er nu allemaal veranderen?

1. Uw activiteiten vallen veel sneller onder de privacywet
Het centrale begrip ‘persoonsgegevens’ verandert namelijk: naast bestanden met namen, adressen en dergelijke vallen nu ook gegevens gekoppeld aan IP-adressen, MAC- adressen, cookies en dergelijke onder de wet. Ook als u niet weet …

ICANN, Thick WHOIS Migration Delay & Pray

Posted on 10 July 2017

The migration of the Verisign Thick WHOIS has been delayed until 29th November.
This is a welcome change from the original migration data which was set at 1-August-2017.

We at Realtime Register were not planning to migrate on this data anyways, as we are still reviewing the EU GDPR and its impact.

Currently, ICANN is collecting community input regarding the EU GDPR till September this year. In November ICANN will present the results which will provide more clarity regarding the fact if ICANN is the data controller or not according to the EU GDPR. Furthermore, Registrars expect more clarity at …

Realtimeregister.com tracks users anonymously using Google Analytics cookies. Please view our Privacy Statement for more information.