By Aarti Bhavana
ICANN58 was held in Copenhagen, Denmark from 11-16th March 2017. I was very fortunate to have been able to participate at this meeting thanks to the NCUC Fellowship Program (which has been described in greater detail at the end of this post). This pilot program was also briefly discussed during the NCUC meeting on constituency day.
This post will discuss the sessions of two processes that continued its work at ICANN58: CCWG-Accountability and the WHOIS PDP Working Group.
Cross-Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability):
ICANN58 comes exactly three years after NTIA announced its intention to transfer the U.S. government’s stewardship role over the IANA Functions to a global multistakeholder body. Much has happened since. The finalized IANA Stewardship Transition Coordination Group (ICG) proposal and the CCWG-Accountability Work Stream 1 Report were approved by NTIA, ICANN’s bylaws were amended to reflect the changes recommended in these proposals, and amidst political opposition and attempts to thwart it, the IANA Transition was finally completed.
Since ICANN56 (June 2016), the focus has shifted to Work Stream 2 (WS2)- a set of topics that required further discussion, but were not critical to the transition. These are: Human Rights, Jurisdiction, Transparency, Diversity, SO/AC Accountability, Staff Accountability, Ombudsman, Guidelines on Good Faith Conduct in Participating in Board Removal Discussions and Reviewing the CEP. An overview of the topics can be found here.
The CCWG-Accountability met a day before the official meeting week, for a full-day face-to-face meeting in Copenhagen. The group decided that as and when they were completed, each subgroup’s reports would be opened to public comments and approved by the entire CCWG-Accountability before finalization. Once all the individual reports are finalized, the entire package will again be opened for public comments, but only to identify any inconsistencies between the reports of the different subgroups. Further, the chartering organizations will approve the finalized sub-group reports in small parts, and not all at once, to ease the documentary burden.
Over the course of the day, the various subgroups presented their updates. The presentations and discussion can be viewed here.
The SO/AC accountability subgroup had a successful first reading of Track 1 and 3 of their report. Track 2, which is about the Mutual Accountability Roundtable, will require further discussion as there was some disagreement over whether this specific model of accountability should be recommended to facilitate mutual accountability of the SO/ACs. The Staff Accountability subgroup presented a re-scope of their work, in order to make it more meaningful. This was accepted by the WG. They also raised the need for ICANN staff input on the work being undertaken by this group, which was later discussed with ICANN CEO, Göran Marby. The Diversity subgroup presented a questionnaire that they intend to circulate to better understand the status quo. This will be reworked based on the comments received. The group also presented a request for interpretations during its calls, based on a request they received. In the interest of increasing diversity, especially within a group dealing with the issue of diversity, this was approved as an experiment until the end of June 2017.
Though each subgroup has been making much progress, WS2 will not be completed within this fiscal year (June 2018). The work is expected to continue into the next fiscal year, though within the initially proposed budget.
Next-Generation Registration Directory Services PDP Working Group (RDS PDP WG) and Privacy & Data Protection:
PDPs are known for being long, complicated processes and the WHOIS PDP is no exception. Active members can recount their frustration with the slow pace of the WG over the past several months, but this meeting leaves one with hope, at least as far as privacy and data protection are concerned. NCUC members have long been raising concerns about the privacy implications of the WHOIS database, and it was gratifying to see this concern being given serious consideration at ICANN58.
The Cross-community discussion with Data Protection Commissioners, or ‘Privacy Summit’, presented an opportunity for the community to interact with a panel of data protection experts, including Prof. Joseph Cannataci (UN Special Rapporteur on the right to privacy), Mr. Wilbert Tomesen (Chairperson of Article 29 Working Group) and Mr. Giovanni Buttarelli (European Data Protection Supervisor). Though they have been providing input over WHIOS purpose limitation for years, this was the first time that data protection commissioners were meeting face-to-face at an ICANN meeting. The RDS PDP WG had prepared a list of questions on which they sought expert opinion from this panel. (The written responses to these questions were sent a few weeks after the meeting, and can be read here.)
One point repeatedly mentioned was that this is a global issue- privacy and data protection regulations can be found in more than 120 countries. Laws are increasingly considering privacy to be a necessary prerequisite for the enjoyment of other internationally recognized rights and freedoms, such as freedom of expression, right to personal identity and dignity. Privacy and data protection are good governance principles and should be understood as such. Critical issues of purpose of collection, publication, and consent were also discussed. Further, it was also argued that there is a demonstrable harm arising from the WHOIS database, as data protection authorities have been receiving many complaints over the years from consumers about the public availability of their personal data. It was highlighted that ICANN needs to be held accountable as a controller- a predictable process of handling personal data and fostering respect for fundamental rules of privacy would lead to consumer trust.
In addition to the cross-community discussion, Prof. Cannataci and Mr. Kimpian also met with the RDS PDP WG to discuss its list of questions and have an open discussion on privacy and data protection. There was much discussion on the issue of purpose. It was made clear that there must be a specific purpose behind the collection of every bit of information. The importance of differentiating between collection and publication was also stressed- there needs to be a separate purpose for each. Personal data can be published, but there must be a legitimate purpose for the same.
An extremely relevant point was made that while law enforcement has access to the data collected for DNS, ICANN is not in the business of collecting information for law enforcement. It is vital to keep in mind this distinction as the data collected needs to be limited to what is needed for the DNS; the RDS cannot be built for the purpose of law enforcement. There was also a lengthy discussion on understanding whether various elements of thin WHOIS data would be considered personal information under the General Data Protection Directive.
Though there wasn’t enough time to go through all the questions, this session was very useful in helping WG members understand the privacy aspect of the RDS. In fact, one member even stated that their understanding of thin and thick WHOIS and privacy was changed after the discussion. It is important to continue these discussions. Prof. Cannataci suggested inviting experts to join the WG process formally, which is definitely needed to ensure that the WG recommendations adequately take into account privacy and data protection.
The NCUC Fellowship Program, which took place for the first time at ICANN58 in Copenhagen, supported newcomer participation by paring them with more experienced members. As someone who was a newcomer merely 1.5 years ago, I appreciated the opportunity to participate as a mentor this time. This program was very well-organised and well-thought out, with all participants being given a clear idea of what was expected from them. I got to interact with the newcomers- Sze Ming and Grace- a few times even before the meeting. Through Skype calls and emails, we covered the basics of what ICANN does and how NCUC and its interests fit into that. I also took them through the meeting schedule, to help select sessions of interest and prepare for the meeting week well in advance. They were also put in touch with NCUC members active in the various WGs.
I thought that this program was very helpful as it constantly guided the newcomers both before and during the meeting week. I know I would have really appreciated such a program when I first joined! As a mentor, I was grateful for the opportunity to take a step back and look at the larger picture. Being involved in the various working groups, it’s very easy to get caught up in the details and forget to look at the broader area. However, it is important to remember how the individual work fits into the larger ecosystem.
I would like to once again express my gratitude to NCUC for making my participation at this meeting possible.
 A special thanks to Stephanie Perrin (NCUC) and Peter Kimpian (Council of Europe) for making this long overdue discussion on WHOIS and privacy finally happen.