Michele Neylon is not happy with ICANN. Actually, he’s “angry, frustrated and unhappy”.
The reason is, “ICANN has put us and other European Union based registrars in an utterly ridiculous situation,” Neylon wrote on his Blacknight Solutions blog.
“We are expected to ask ICANN for permission to comply with Irish and EU data privacy law.
“Or put another way, an Irish company is obliged to jump through hoops with a California based corporation in order to be able to operate within Irish law.”
It’s a situation that has been brewing for some time Neylon wrote, with discussions with ICANN happening for the last two years.
His company went from being a domain name reseller to an ICANN-accredited registrar to cut out the middleman. And now a new contract has been published, but as he notes “the new contract has issues if you’re based in the EU.”
“The central tenet of data privacy law is summed up in Article 6(e) of the European Data Protection Directive 95/46/EC which deals with retention of data (emphasis added):
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected
“Which under Irish law is Data Protection (Amendment) Act 2003:
“Article 4 (e). preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored”
“However ICANN explicitly demands that registrars retain the data for way longer.”
Neylon’s problem is that the period of time ICANN want the data to be held is “simply too long”.
To seek some clarification, Neylon reached out to Ireland’s Data Protection Commissioner, and they advised, in short, ‘without any rationale for the data being held for so long they had issues with it’.
The EU also has problems with the requirement. Neylon writes the “European Union, has written to ICANN on several occasions telling them clearly that the 2013 RAA is not compatible with EU law.
“They also made it very clear that they didn’t think it was reasonable to ask every EU based ICANN accredited registrar to jump through hoops to get an exemption to the clauses.”
And then he asks “What did ICANN do about it? Short answer – nothing.”
In his posting, Neylon finds it problematical that ICANN doesn’t understand law.
To read the post in full, see blog.blacknight.com/blow-fuse.html.