Meanwhile, if anyone was wondering what happens when a bunch of ill-organised, slightly self-important (but dim) people who must believe in unicorns and fairies meets reality then get some wine, popcorn and comfy slippers, and settle back ...
The parallels with Brexit are fascinating.
www.theregister.co.uk/2018/04/27/europe_icann_whois_gdpr/
Special report On March 26 – two months before new privacy protections come into effect in Europe – Goran Marby, CEO of DNS overlord ICANN, sent a letter [PDF] to each of Europe's 28 data protection authorities (DPAs) asking them to hold off punishing it over Whois.
Whois is a set of databases of domain-name owners, overseen by ICANN, and it contains people's personal information such as their names and contact addresses. As it stands, it is not compatible with Europe's General Data Protection Regulation (GDPR), which kicks in on May 25. Flouting the rules may result in fines. Something therefore has to be done. ICANN isn't quite sure what to do yet, hence its request for a stay of enforcement.
In a blog post on ICANN's website on March 29, Marby said he was "hopeful that we will be provided with a moratorium on enforcement." He mentioned the moratorium again in another update on April 10.
Then the request for a moratorium was inserted into a letter to Europe's Article 29 Working Party – a group comprising all the DPAs – on April 12. "We must again stress the need for a moratorium on enforcement in order for us to act to protect Internet users globally," Marby wrote [PDF] to the group's chairwoman Andrea Jelinek.
The same day, ICANN published a blog post built around the proposed moratorium, warning that without it "the Whois system will become fragmented." And again the next day, in another update, Marby spoke of "the need for additional time… including a moratorium on enforcement."
In the meantime, the organization started figuring out the fastest way it could come up with a solution to become compliant with the incoming privacy safeguards, and reached the conclusion that by using a special process, it could do the work within a year.
And so that open-ended moratorium became fixed: a one-year extension for ICANN to introduce its new system. ICANN then solicited input from other groups – including the US government – to back up its idea and took a series of letters along with a proposed timeline showing a one-year moratorium to a meeting of the Article 29 Working Party (WP29) in Brussels.
The letters repeatedly reference that suspension, sometimes using different language. For example, the Intellectual Property Constituency describes [PDF] it as a "forbearance on penalties." As does the International Trademark Association, which – even though it is not a constituency within ICANN - complains [PDF] that the WP29 has yet to get back to ICANN confirming the forbearance. The US government mentioned [PDF] the moratorium no less than four times in its letter.
There was however a big problem with this whole effort: there can be no such thing as a moratorium on regulations that are already in place.
In a new statement, provided by the Article 29 Working Party to The Register on Thursday following its meeting with ICANN earlier this week, the group is clearly baffled by ICANN's repeated requests for something that doesn't exist.
"The GDPR does not allow national supervisory authorities nor the European Data Protection Board to create an 'enforcement moratorium' for individual data controllers," the statement notes. "Data protection is a fundamental right of individuals, who may submit complaints to their national data protection authority whenever they consider that their rights under the GDPR have been violated."
ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law. But its entire strategy was built on a fantasy. So where did this concept come from? Who was advising the organization that this was even a viable approach, let alone the best one to adopt?
(contd)