ICANN Chair Maarten Botterman spoke at the recent Domain
Pulse conference in Innsbruck, giving a key note address titled My Vision for Internet
Governance and ICANN and participating in a panel on Internet
Governance: Next Generation, which focused on how to get young people more
involved in internet governance issues. In part one of our interview with Botterman
we discussed issues such as data protection, the differences between Europeans
and others when it comes to privacy, whether European and US views will ever be
compatible, as well as a WHOIS replacement that complies with the GDPR.
In part 2 of the interview we’ll discuss getting young
people involved in internet governance, the future of the DNS, how ICANN
participates in legislation and policy developments around the world (and how
successful this is), and what he’d like to see changed at ICANN.
First up we asked Maarten to have ‘A Look into His Crystal
Ball”, the conference theme, regarding he sees as the key issues and
differences between countries and regions around the world when it comes to
privacy.
Maarten responded by saying that “if you go around the world
there are differences in all regions.” He explained that the differences when
it comes to what’s important aren’t just about privacy. There are also
differences that go “beyond ICANN, but touch upon ICANN. For example, in Africa,
there is a focus on getting connected, in the first place. In India, there is a
lot of emphasis on fighting poverty and how the internet can help resolve that.
If you look at the differences between Europe and America particularly, then there
are two elements that are quite different when it comes to privacy. In the US,
privacy is an economic right that can be traded but in Europe it’s seen as a
human right that cannot be traded. So now the world tries to find a balance.
It’s important for us to find that balance as the stakes go up because of
increasing digitisation. Most of us have a greater digital footprint than we
realize, between social media, professional content, banking, credit cards and
the like. If you combined it all together, a pretty intrusive picture is formed
allowing for bad actors to abuse. And it’s important that this be addressed. And
we don’t have all the solutions yet as I said on stage.”
“The privacy rules currently discussed are not that
different from before the GDPR [European Union’s General Data Protection
Regulation] to now, but they’re now more strongly enforced and have more focus.
Because of this I think we’re doing the right thing by addressing these issues consciously.
So that’s the privacy part where the US and the EU try to find a way together.
“I think if you look at both issues, and also at a global
level, you’ll find that in many ways the European principled based approach provides
a useful “middle” between the more market-driven American approach, and that of
Asian states. It’s of course an oversimplification. This difference has
affected the domain name industry as well.”
The European Union’s GDPR was implemented almost two years ago,
so we asked Maarten about ICANN’s response, since it’s now not permissible to
collect the registrant data that ICANN previously required be collected under
their registrar and registry agreements for gTLDs, and why ICANN still doesn’t
have a permanent response.
“Well, that depends on two things. One is we’re working on an
arrangement where we can offer registrant data to those who are entitled to it.
Steps have been taken toward this, ranging from the way data is collected and
presented in the WHOIS replacement, RDAP, as you are aware. RDAP supports secure
access to data, and the ability to provide differentiated access to
registration data. The community is working on modifications to existing
requirements in the Registrar Accreditation and Registry Agreements in order to
comply with the GDPR through an EPDP (Expedited Policy Development Process). Within
ICANN, the community develop the policies, as stated in our Bylaws. And I think
we’re getting to the best possible outcome. However, we don’t know what solution
will be found acceptable from a GDPR perspective, so we’re seeking clarity from
Europe’s data protection authorities as well as the European Commission. We’re
looking for what is good enough, what would work and what the EU believes would
fulfill the intentions of GDPR. We don’t want to break the law, but GDPR was
clearly not developed for the purpose of the WHOIS.”
Lastly on privacy, we asked whether the American view of
privacy and the European’s view will ever be compatible?
Delving into his crystal ball Maarten, said he thinks “it
has to as the world becomes more and more global. If I look back to an
evaluation I did with RAND Corporation on the European Data Protection
Directive around 10 years ago, it was already becoming clear that, ultimately,
there will be a move toward a principal-based front end and a harms-based
backend when it comes to privacy.”
“The harm-based backend drives the American system more and
the principal-based drives the European system. At some point this will need to
come together because data, including those related to private persons, go
across borders, which is happening now too. Further developments are likely to
happen over the time to come. The principles are becoming clearer: people need
to be protected against the abuse of their data. How we get there this is one
part, and WHOIS is just a small aspect of the issues to be tackled by the GDPR.”
This latest Domain News has been posted from here: Source Link