The Article 29 Working Party represents the data protection authorities of all 28 member states of the European Union. In many instances the individual DPAs prefer to rely on a high level communication from the Article 29 Working Party rather than taking individual action. As data protection law in the EU has been fairly harmonious for years this approach made a lot of sense. With the advent of GDPR next year that level of harmony should be close to complete.
Over the past 14 years the EU data protection authorities have written to ICANN several times to point out issues and concerns in relation to WHOIS as well as to data retention, the waivers process and other matters of concern.
Yesterday ICANN published the most recent letter from the Article 29 Working Party and while it is polite, it’s also very clear that the authors are not afraid to scold ICANN.
Here’s the letter:
What impact will this letter have?
It’s hard to say, but it may help bring clarity on some of the short to medium term solutions to GDPR compliance currently being examined by registrars and registries. Admittedly the letter only refers to ICANN and registries, but I suspect that’s more of an oversight than intentional.