ICANN reveals how it responded to GDPR

null

The Internet governance body ICANN has put preliminary measures in place to comply with the EU's General Data Protection Regulation (GDPR) marking the first time legislation has forced it to make changes.

The organisation's board of directors adopted a “Temporary Specification” for GDPR compliance just days before the new regulation went into effect.

ICANN's president Goran Marby said that the organisation has updated key policies and has sent messages to inform users of the changes. All of the fillable and downloadable forms on ICANN-supported websites have also been changed.

Marby explained other measures ICANN has taken to comply with GDPR in a blog post, saying:

“We've also rolled out internal changes to the way we handle personal data, from data processing arrangements with vendors to our various personnel policies. “

The changes made for GDPR are also part of a broader shift for ICANN as it has lost the protection of the US government and now has to answer to the EU and other regulating bodies. Since its formation in 1998, the organisation has mostly set its own rules apart from the occasional intervention by the US government.

Data protection regulators in the EU have been advising ICANN on upcoming data protection changes since 2003 though the organisation waited until last year to prepare for GDPR.

During an ICANN meeting in March, Marby explained the organisation's late start on the road to GDPR compliance, saying:

"GDPR is really the first – my understanding, is really the first law that has a direct affect on our ability to make policy. This law was designed several years ago. And, apparently, as a community, as an institution we didn't pay much attention. We started very late." 

ICANN expects it to take a year before it can implement a fully GDPR-compliant version of its WHOIS system.