Temporary Specification for gTLD Registration Data

On May 17, 2018, a temporary specification for gTLD Registration Data came into force. The Temporary Specification for gTLD Registration Data (Temporary Specification) establishes temporary requirements to allow ICANN and gTLD registry operators and registrars to continue to comply with existing ICANN contractual requirements and community-developed policies in light of the GDPR.

Consistent with ICANN’s stated objective to comply with the GDPR, while maintaining the existing WHOIS system to the greatest extent possible, the Temporary Specification maintains robust collection of Registration Data (including Registrant, Administrative, and Technical contact information), but restricts most Personal Data to layered/tiered access. Users with a legitimate and proportionate purpose for accessing the non-public Personal Data will be able to request such access through Registrars and Registry Operators. Users will also maintain the ability to contact the Registrant or Administrative and Technical contacts through an anonymized email or web form.

The Temporary Specification shall be implemented where required by the GDPR, while providing flexibility to Registry Operators and Registrars to choose to apply the requirements on a global basis where commercially reasonable to do so or where it is not technically feasible to limit application of the requirements to data governed by the GDPR.

The Temporary Specification applies to all registrations, without requiring Registrars to differentiate between registrations of legal and natural persons. It also covers data processing arrangements between and among ICANN, Registry Operators, Registrars, and Data Escrow Agents as necessary for compliance with the GDPR.

Specification is available here.

The General Data Protection Regulation  [GDPR]

The General Data Protection Regulation is a European Union (EU) law regulating the way personal data of EU citizens and residents can be gathered, used, stored and transferred.

GDPR is a EU Regulation, which is a binding legislative act that must be applied in its entirety across all EU Member states. (Compared to a Directive, which sets a goal but leaves it to the individual Member states to devise their own legislation on how to reach the goal).

The Regulation is relevant for all organisations based in the EU that collect or process data from EU residents, but also applies to organisations based outside the EU if they collect, store or process personal data of EU residents. GPDR entered into force on 25 May 2016 and will be enforceable starting 25 May 2018.


ICANN Information on GDPR (January 2018)

Data privacy and data protection regulations are currently undergoing developments that may impact specific areas of the ICANN organization’s work. ICANN’s landing page contains a current listing of ongoing projects at the ICANN organization related to data protection and privacy matters, and is intended to provide easy access to this information. You can find the landing page at

Legal Analyses, Proposed Compliance Models, & Community Feedback:

ICANN Webinar on 04 October 2017:

GDPR Models and Proposals submitted to ICANN

Proposal of eco (Association of the Internet Industry) Playbook GDPR:

Proposed Interim Models for Compliance with ICANN Agreements and Policies in Relation to the European Union’s General Data Protection Regulation:

Draft Model to Address the GDPR submitted by Coalition for Online Accountability:


GDPR Solutions (October 2017 update)

The geoTLD group has been working with its European members and partners to survey best practices in terms of GDPR Registry solutions.

Key Registries Backend Providers such as AFNIC, CORE and SIDN, who bring years of experience of GDPR-like local legislation, implemented GDPR measures to run .fr, .cat and .nl respectively, and all manage New gTLDs, giving them a thorough understanding of the program; have helped us draw the landscape.
We derived from their experience a set of possible solutions, trying to maintain existing New gTLD obligations where ever possible, suggesting amendments where they are in conflict with GDPR, to offer working solutions to Whois, Escrow and other issues raised by GDPR.

Find our presentation at  geoTLD-GDRP-Solutions.public.pdf


GDPR Survey (May 2017)

See all the results at – GDPR survey report – June2017

General Data Protection Regulation

GDRPRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC  – 

Information website by the European Union:

The GDPR Survey

The launched a survey to gather information on the awareness and state of preparations within the domain name industry for the General Data Protection Regulation (GDPR).

The online survey was launched on 5 April 2017. It was amongst other announced on the mailing list of different Supporting Organisations (SOs) and Stakeholder Groups in the ICANN community and on the website.

This report reflects the feedback we received on the survey between its launch on 5 April and the end of May 2017.

See all the results at – GDPR survey report – June2017


Purpose & Disclaimer

The geoTLD.Group survey aims at getting an indication of GDPR awareness within the domain name industry and the state of preparations of industry players for the 25 May 2018 deadline for GDPR enforcement.

The survey collects information on issues Registries, Registrars and other players identified and on the measures they intend to implement on legal, policy, technical or other levels.

This survey report is not a legal analysis of GDPR nor a guide for individual companies on measures or required changes to policy or processes for the collection, processing and storage of data on EU residents and domain holders in line with the new EU legislation. It is either our intent to assess the merits of the different solutions.

We hope that this survey report contributes by raising awareness on GPDR, by showing how different players assess the impact of GDPR on their business, by listing what issues they identify and what measures they plan to take. We also hope that the information in this report is relevant and practical input for the community policy discussions at ICANN 59 in Johannesburg and beyond.