Complying with the EU GDPR? Easy, skip ICANN.

So the preparations for the EU GDPR and Registries and Registrars are in full swing.
This week the Geo gTLD Group released a survey to involved parties, and the results will show us where we are at.

But do we need to do this and do we need to get ICANN in the mix?

Let’s go back in time.
In 2015 the Chinese regulator MIIT announced they were going to enforce the rules, created a decade ago. Now, where did we hear this before? Oh wait, the EU Directives, we ignored them as there was no enforcement.

Back in 2015 the RrSG went to the ICANN board and asked about their view when it came to what some called “draconian” regulations. The board listened, and the board said:”they were very aware, but it was an internal country matter, outside of ICANN.”
And that was that.

What was so “draconian”? For Chinese Registrants to register domain names through Chinese Registrars, the Registries had to jump through a ton of regulation hoops.
Get accredited with MIIT. Setup a presence in China. Escrow data to a Chinese Escrow Provider only. Deal with real name verification procedure.
So what did those non-Chinese Registries do? They looked at a huge market; they figured that these Chinese folks would not use Registrars outside China and most likely go for the Chinese gTLDS and .CN. Not a great prospect for the Registries.
Solution? They jumped through the hoops; some even created real name verification support through EPP to make registrations easy.

Every month I receive a newsletter or read a press release where a Registry proudly announces they are China ready and MIIT accredited. It’s like these guys won the Olympics. Granted going through that process is tough and congrats are in order.

The reality is, the real reality is, Registries are complying with the law in China. Awesome, how cool is that?! How about we go one step further and start complying with EU law?!

If we can do it in China, we can do it Europe right?
Want to do business with Chinese Registrants? Jump through the hoops.
Want to do business with EU Registrants? Jump through the hoops and stop discussing if EU law is a factor within ICANN.
The contracted parties are apparently perfectly capable of dealing with the national country law even if they are labeled as “draconian.”

Now the above carries some load of sarcasm. But if push comes to shove, contracted parties will become EU GDPR compliant no matter how many folks in the ICANN community are in denial.
No matter how hard folks in ICANN the community are trying to ignore the EU and keep on thinking this does not affect ICANN.

But cooperation and coordination with ICANN and within ICANN remains key in my opinion, to steer this and the policies in the right direction. This is a multi-stakeholder model for a bunch of good reasons, and everyone has a stake in this for the right reasons and balance.

Theo Geurts