1

Temporary Specification for gTLD Registration Data

Adopted on 17 May 2018 by ICANN Board Resolutions 2018.05.17.01 – 2018.05.17.09

The General Data Protection Regulation (GDPR) was adopted by the European Union (EU) in

April 2016 and takes full effect on 25 May 2018 across the EU countries. Over the past year,

ICANN organization (ICANN org) has consulted with contracted parties, European data

protection authorities, legal experts, and interested governments and other stakeholders to

understand the potential impact of the GDPR to Personal Data that is Processed by certain

participants in the gTLD domain name ecosystem (including Registry Operators and Registrars)

pursuant to ICANN policies and contracts between ICANN and such participants that are subject

to the GDPR.

This Temporary Specification for gTLD Registration Data (Temporary Specification) establishes

temporary requirements to allow ICANN and gTLD registry operators and registrars to continue

to comply with existing ICANN contractual requirements and community-developed policies in

light of the GDPR. Consistent with ICANN’s stated objective to comply with the GDPR, while

maintaining the existing WHOIS system to the greatest extent possible, the Temporary

Specification maintains robust collection of Registration Data (including Registrant,

Administrative, and Technical contact information), but restricts most Personal Data to

layered/tiered access. Users with a legitimate and proportionate purpose for accessing the non-

public Personal Data will be able to request such access through Registrars and Registry

Operators. Users will also maintain the ability to contact the Registrant or Administrative and

Technical contacts through an anonymized email or web form. The Temporary Specification

shall be implemented where required by the GDPR, while providing flexibility to Registry

Operators and Registrars to choose to apply the requirements on a global basis where

commercially reasonable to do so or where it is not technically feasible to limit application of

the requirements to data governed by the GDPR. The Temporary Specification applies to all

registrations, without requiring Registrars to differentiate between registrations of legal and

natural persons. It also covers data processing arrangements between and among ICANN,

Registry Operators, Registrars, and Data Escrow Agents as necessary for compliance with the

GDPR.