ICANN announced yesterday it has granted four more data retention waivers to registrars domiciled in France and Germany due to their inability to sign ICANN’s 2013 Registrar Accreditation Agreement.
The registrars involved were ingenit GmbH & Co. KG, 1API GmbH, RegistryGate GmbH (all German) and MAILCLUB SAS (French). For all three, as with other requests, there were legitimate concerns that they would violate data retention laws in their countries.
In the case of MAILCLUB, ICANN noted that “pursuant to Section 3 of the Data Retention Specification of the 2013 RAA, which provides that if a registrar is subject to the same applicable law that gave rise to ICANN’s request to grant a previous data retention waiver under the 2013 RAA, a registrar may request that ICANN grant a similar waiver, which request shall be approved by ICANN, unless ICANN provides Registrar with a reasonable justification for not approving such request.” ICANN “determined that it is appropriate to grant Registrar a data retention waiver similar to the waiver previously granted to OVH SAS.”
Registrar’s Waiver Request cites the previous data retention waiver granted by ICANN to OVH SAS, on the basis of OVH SAS’s contention that compliance with the data collection and/or retention requirements of the Data Retention Specification in the 2013 RAA violates applicable law in France.
In the announcement, ICANN agreed “that following Registrar’s execution of the 2013 RAA, for purposes of assessing Registrar’s compliance with the data retention requirement of Paragraph 1.1 of the Data Retention Specification in the 2013 RAA, the period of ‘two additional years’ in Paragraph 1.1 of the Data Retention Specification will be deemed modified to ‘one additional year.’”
For the German registrars, ICANN noted that “shall remain obliged to retain all data elements specified in Articles 1.1.1 through 1.1.8 of the Specification for the duration of its sponsorship of the Registration and for a period of two (2) additional years thereafter; however, Registrar will be permitted to block the data elements specified in Articles 1.1.1 through 1.1.8 of the Specification in accordance with blocking requirements under applicable law (see Sec. 35 para. 3 German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) at the earliest after one year following the end of the Registrar’s sponsorship of the Registration, provided that the rights of data subjects under Sec. 35 para 2 second sentence BDSG shall remain unaffected.”
There are also changes regarding Articles 1.2.1, 1.2.2 and 1.2.3 in the ICANN announcements for the German registrars.
In relation to the German requests, ICANN noted “that the provisions of Section 3 of the Specification will apply to similar waivers requested by other registrars that are located in Germany and subject to German law.” So it can be expected there will be further requests from registrars required to sign the 2013 Registrar Accreditation Agreement.