ICANN 'WHOIS' GDPR Failure
In The News / ITN - Each week I pick a new story from the news and provide my thoughts and opinions on it.
What happens when one powerful bureaucratic organisation creates some rules which affect another powerful bureaucratic organisation? Im sure you can think of some stereotypical outcomes. Read on below to find out more on what is turning out to become a classic example.
What is GDPR?
Lets start off by introducing our first powerful bureaucratic organisation, the European Union government. Back in 2016 they introduced a new law called ‘General Data Protection Regulation’ (GDPR) which is basically a modernised version of the 1995 Data Protection Act. It its purpose is to force companies to properly protect EU customers data and receive consent to use it. Failure to comply carries huge fines of up to 4% of Global Turnover or €20 Million which ever is HIGHER.
This also the reason why all the apps or services you use, are asking you to select what topics and channels you wish to hear from them through.
You can read more about GDPR here.
Who Is ICANN?
Time to get to know our second powerful bureaucratic organisation, ICANN. The ‘Internet Corporation for Assigned Names and Numbers’ or ICANN organisation is responsible for overseeing the registration of Domain names and allocation of IP Address. It’s this organisation which keeps a record of every unique address, provided by domain registration companies like GoDaddy or 1&1 and the individuals who owns them.
You can read more about ICANN here.
What’s The Problem?
So you may be wondering what the problem between these to seemingly unrelated organisations. Well that record I mentioned ICANN keeps, it’s called the ‘WHOIS’ database and where this gets interesting is that its publicly searchable. If you type ‘whois’ and then any web address into the command line application on your computer it will show you details of the person who owns the address.
Im still not seeing the problem, you say.
Well a core feature of GDPR is that individuals must actively opt in to allow their information to be used or displayed publicly. The fact I can currently search for anyones data and it was added without my explicitly saying yes, means they fail to meet the legislation.
Why Is It Not Fixed?
The 2 year grace period since the law was signed was to allow companies to meet the legislation. In that time there have been multiple reports of ICAAN being overly bureaucratic and not taking this seriously. Its reported they only started work in October 2017, 8 months before deadline (link).
Whilst its obvious that overhauling this system is a very big task, to start looking into it 8 months before the deadline in unacceptable. There are reports going back to 2015 which raise issues of a lack of internal organisation and more worryingly the apparent desire by executives to cover up the report and not fulfil its recommendations.
Im sure you can agree with me, this is no way an organisation should be run especially not one as important as ICANN.
So how has ICANN decided its going to fix the system in time?…… It hasn't.
The only thing ICANN has decided to do with any certainty, is beg the EU for an extension of the deadline. Unsurprisingly they have been met with an resounding ‘NO’. You can find more information about its begging here, here and here.
My 2 Cents
This whole saga stinks of two things; Complacency and Weak Leadership.
By being the only organisation who provides this service, ICANN has clearly got comfortable with the lack of competition and more bureaucratic. This forms a culture of ‘we are special and will never be challenged’ which leads to arrogance and underperforming. This has been shown time and time again through either the audits dating back years or the constant begging to the EU to give it more time.
The weak leadership isn't necessarily caused by complacency but it doesn't help. This is the perfect time for a strong leader to take control of the situation, decide a plan and force it through. Yes, It wont perfectly satisfy every interested party but it’s a start. People are resistant to change and when something significant hasn't happened in a long time then it’s resisted more.
Im sure we will hear more information in the coming weeks, but until then thanks for reading and let me know if you have any questions or feedback.