ICANN has been in discussions with a number of Registrars regarding data retention waiver requests (“Waiver Requests”) submitted under the 2013 Registrar Accreditation Agreement (the "2013 RAA"). Some Registrars are seeking an exemption from certain collection and/or retention requirements under the Data Retention Specification (the "Specification") of the 2013 RAA. Section 2 of the Data Retention Specification sets forth requirements regarding the written materials a Registrar must submit in support of its good faith determination that the collection and/or retention of any data element specified in the Specification violates applicable law, and provides that following notice to ICANN of the Waiver Request, ICANN and the applicable Registrar shall discuss the matter in good faith in an effort to reach a mutually acceptable resolution of the matter. An update on the 2013 RAA and the data retention waiver process can be found here: http://blog.icann.org/2014/02/update-on-2013-raa-and-data-retention-waiver-process/
ICANN understands that personal data should be treated in accordance with applicable data protection laws, which generally permit gathering and retention of personal data for legitimate purpose(s). ICANN also understands that the law may vary from country to country as to (i) what is considered a legitimate purpose, (ii) whether the personal data is adequate, relevant and not excessive in relation to the legitimate purpose for which they are collected and (iii) for how long certain data elements may be retained. In other words, what is considered a legitimate purpose for collection of certain data in one country may not be considered a legitimate purpose in another country.
During ICANN’s discussions in an effort to reach a mutually acceptable resolution of the matter, some Registrars have requested that ICANN (a) clarify and better define certain data elements described in the Data Retention Specification that the Registrars maintain are not clearly defined; and (b) describe potentially legitimate purposes for collection and retention of each data element that would help provide guidance for Registrars both as to whether such elements may be lawfully collected, and, if so, for how long such elements might lawfully be retained..
In response to these requests from some Registrars, ICANN is posting for public comment a document seeking to clarify what is meant by certain data elements described in the Data Retention Specification and describing potentially legitimate purposes for collection and retention of those data elements. That document can be found here [PDF, 116 KB]. The document will be posted for a period of thirty (30) days to seek feedback and input from the community on (i) whether the data elements are appropriately described, (ii) whether the cited purposes for collection and retention are appropriate and legitimate, and (iii) whether there are other potentially legitimate purposes for collection and retention of such data elements. After the thirty (30) day period following this posting has expired, ICANN will consider all feedback and input received in connection with ICANN’s ongoing discussions to reach a mutually acceptable resolution of Waiver Requests. In the interim, ICANN will continue its ongoing discussions to reach a mutually acceptable resolution of Waiver Requests with individual Registrars with the goal of granting additional Waiver Requests as and when appropriate.
A public comment period will remain open until 23:59 p.m. PDT/California, 21 April 2014. Public comments will be available for consideration by ICANN staff and the ICANN Board.