[NCUC-DISCUSS] [Blogpost] International Working Group on Data Protection in Telecommunications 62nd Meeting

[Renata Aquino Ribeiro]

https://www.ncuc.org/2017/12/08/international-working-group-on-data-protection-in-telecommunications-62nd-meeting/

International Working Group on Data Protection in Telecommunications
62nd Meeting

by Stephanie Perrin – On November 26-28 2017, I attended the meeting
of the International Working Group on Data Protection in
Telecommunications (IWGDPT or Berlin group) in Paris, France. The
group has had data protection issues at ICANN on the agenda for the
past three years (as it was seen on the 2015 Seoul Korea meeting).
NCUC sponsored me to attend this meeting, and to update the group on
what is happening at ICANN. Since ICANN had sent a number of people to
attend the Data Commissioners Conference in Hong Kong in September,
with several speaking on a panel dealing with ICANN data protection
issues, the leadership of the Berlin group was aware of the new
concern being demonstrated by ICANN as they prepare for the
implementation of the General Data Protection Regulation (GDPR).

The Dutch Data Protection Commission has been very much engaged at the
Berlin group, and they recently issued a statement concerning ICANN’s
failure to comply with current law with respect to WHOIS (see the
announcement on that decision). It is worth noting here that this
decision states clearly that ICANN cannot rely on “legitimate
interest”, “required for the performance of a contract” or consent, as
grounds for unlimited disclosure of personal data in WHOIS. It is
clear that they believe tiered or layered access, which facilitates
speedy access for legitimate law enforcement investigations, is the
preferred method to release personal data in WHOIS.

The Berlin group issued its first comment on WHOIS in 2000. You can
find their reports and statements, as well as important
correspondence, here. Three papers were approved at this meeting, and
are now being circulated for further comment to the members of the
International Conference of Data Protection and Privacy Commissioners
(ICDPPC), which is the procedure the group follows with its papers.
There are now 120 data protection authorities, world wide, and the
Berlin Group and the ICDPPC represent the broadest global membership
of these authorities.

Members of NCUC are currently working on a position paper on ICANN and
compliance with the GDPR. I will post a further blog when the draft
paper is ready, describing some of the issues. In the meantime, those
wishing to follow privacy matters at ICANN should keep an eye on the
regular GDPR updates, which appear here.

More on this discussion:
Update on ICANN data protection issues: Will there be enforcement of
data protection law in the future? – by S. Perrin 02/06/2017