Temporary Specification for gTLD Registration Data
Adopted on 17 May 2018 by ICANN Board Resolutions 2018.05.17.01 – 2018.05.17.09
The General Data Protection Regulation (GDPR) was adopted by the European Union (EU) in
April 2016 and takes full effect on 25 May 2018 across the EU countries. Over the past year,
ICANN organization (ICANN org) has consulted with contracted parties, European data
protection authorities, legal experts, and interested governments and other stakeholders to
understand the potential impact of the GDPR to Personal Data that is Processed by certain
participants in the gTLD domain name ecosystem (including Registry Operators and Registrars)
pursuant to ICANN policies and contracts between ICANN and such participants that are subject
to the GDPR.
This Temporary Specification for gTLD Registration Data (Temporary Specification) establishes
temporary requirements to allow ICANN and gTLD registry operators and registrars to continue
to comply with existing ICANN contractual requirements and community-developed policies in
light of the GDPR. Consistent with ICANN’s stated objective to comply with the GDPR, while
maintaining the existing WHOIS system to the greatest extent possible, the Temporary
Specification maintains robust collection of Registration Data (including Registrant,
Administrative, and Technical contact information), but restricts most Personal Data to
layered/tiered access. Users with a legitimate and proportionate purpose for accessing the non-
public Personal Data will be able to request such access through Registrars and Registry
Operators. Users will also maintain the ability to contact the Registrant or Administrative and
Technical contacts through an anonymized email or web form. The Temporary Specification
shall be implemented where required by the GDPR, while providing flexibility to Registry
Operators and Registrars to choose to apply the requirements on a global basis where
commercially reasonable to do so or where it is not technically feasible to limit application of
the requirements to data governed by the GDPR. The Temporary Specification applies to all
registrations, without requiring Registrars to differentiate between registrations of legal and
natural persons. It also covers data processing arrangements between and among ICANN,
Registry Operators, Registrars, and Data Escrow Agents as necessary for compliance with the