/
Notes from 13 July 2017 APAC Space Web Conference

Notes from 13 July 2017 APAC Space Web Conference

Owned by Philadel Yeo
Last updated: Mar 02, 2025 by Aleksey Khapchenko (Unlicensed)Version comment


The APAC Space web conference meeting was attended by 44 participants from the region, including registries, registrars, at-large community, business stakeholders, and government officials. The meeting discussed data privacy and protection in relation to ICANN, and focused on the General Data Protection Regulation (GDPR).

The meeting recording and presentation slides can be found at the APAC Space Community Wiki webpage here: https://icann-community.atlassian.net/wiki/spaces/GSEAPAC/pages/114296860/APAC+Space.

Key action items following the meeting are as follows:

  • Write to dataprivacy@apacspace.asia to join APAC Space Data Privacy & Protection subgroup. Discussion from the 13 July APAC Space on the same topic will continue on this subgroup.   
  • Discuss and decide on the discuss@apacspace.asia mailing list if the next APAC Space web conference should: i) rotate to a PDP/Review, or ii) continue discussion on Data Privacy & Protection.
  • If there is interest to form another subgroup focusing on a certain topic, to raise it on the mailing list discuss@apacspace.asia.

Introduction

Jia-Rong Low, VP and Managing Director, ICANN Asia Pacific welcomed the participants. Low highlighted that the new APAC Space mailing list address is discuss@apacspace.asia. As APAC Space is a community-led platform, the mailing list was created as part of collaboration with community.

Introduction to APAC Space subgroups

Background: At the previous APAC Space web conference, it was agreed that “APAC Space subgroups” could be formed. This would help individuals who share a common interest in a particular topic to have more in-depth discussions. Given the large diversity in the APAC community in terms of understanding different topics, the subgroup could share their discussions with the wider APAC community to help the latter understand the topic, thereby building capacity to facilitate participation in ICANN work.

Working parameters for the subgroup include:

  • An APAC Space subgroup can be formed when there is significant interest in a particular topic.
  • The subgroup will need to be organized with 2 co-chairs (nominated by the subgroup’s members). The co-chairs are responsible for scoping the discussion issues and organizing discussion calls.
  • Besides discussing the topic in depth, a key goal is also to work on presenting the topic at the next APAC Space session.
  • Calls are facilitated by APAC Hub staff via Adobe Connect.
  • The co-chairs can recommend subject matter experts to join the subgroup and/or present on the topic if knowledge on the topic is lacking.

The pilot APAC Space subgroup on Data Privacy & Protection has 19 members currently and is led by 2 co-chairs: Holly Raiche and Kuo-Wei Wu.

To join the APAC Space Data Privacy & Protection subgroup, please write to dataprivacy@apacspace.asia.

A dedicated community wiki page has also been set up for the subgroup to use at https://icann-community.atlassian.net/wiki/spaces/GSEAPAC/pages/114297670/Data+Privacy+Protection

Introduction to Data Privacy & Protection

Holly Raiche (APRALO) introduced the topic Data Privacy & Protection. Raiche highlighted the OECD Guidelines 2013: New Threats and OECD Principles. Any data collected should be done by consent, and the data collected should only be what is necessary for the collector. The European Court of Justice 2016 ruled in Article 2(a) of the EU Directive that “personal data” refers to any information that could lead to a person directly or indirectly. Hence, a dynamic IP address registered by an online media services provider when a person accesses a website constitutes as personal data. This ruling extends beyond EU territories, even if the data resides on the cloud.

Introduction to General Data Protection Regulation (GDPR)

Sebastien Ducos (geoTLD.group) introduced the European Union (EU) General Data Protection Regulation (GDPR). As long as businesses or companies control or process data of citizens and/or residents from the EU, these entities would be subject to the GDPR. ICANN contractually (through the Registrar Accreditation Agreement and Registry Agreement) requires data collection. Hence, businesses should clearly define and document the reasons they are collecting the data, and why they require it. Ducos mentioned that the ICANN Policy Development Process (PDP) on Next-Generation gTLD Registration Directory Services (RDS) to Replace Whois is studying how to redefine the registration data collection process. Further to the ICANN59 Policy Forum (Johannesburg), there is also an internal ICANN review on data collection led by Theresa Swinehart (ICANN). A small group from the PDP recently met with the EU Commission to ask what data can or cannot be collected. Community members can review the geoTLD.group survey results on GDPR at: http://geoTLD.group/GDPR

Community Discussion

  • Varying disclosure requirements. Due to the variety of approaches on data protection, businesses face challenges in keeping track of what the different disclosure requirements are, particularly where one jurisdiction requires disclosure that another jurisdiction has prohibited. To mitigate this, a community member suggested that every registry/registrar consider applying GDPR as a baseline policy.
  • Impact on Registries/Registrars. Contracted parties who currently publish Whois information of EU citizens/residents would be in breach of the GDPR if nothing is done by 25 May 2018. This means a penalty (4% of global turnover for each breach) will be levied for every month that the breach continues. A community member raised that it is difficult to distinguish between European and non-European registrants. To manage this, the ICANN PDP on Next-Generation gTLD RDS to Replace the Whois is determining what data can or cannot be collected. If contracted parties have started implementing the GDPR and risk being in breach with ICANN contractual compliance, they could seek a waiver from ICANN.
  • Charge for domain privacy protection. In response to a community member’s query regarding registrars charging registrants for domain privacy protection, Raiche and Ducos said that no charge should be required and services should not be refused if the data is not provided.

AOB

  • Krista Papac, ICANN Complaints Officer, will hold a community webinar in August 2017 for the community to get to know her office better, and provide their feedback on improving ICANN. Date to be confirmed.
  • The next APAC Space will be held in web conference format in September 2017. Date and agenda to be decided on the mailing list.