Skip to main content

Data Protection and Privacy

As privacy legislation continues to evolve, ICANN has been focused on implementing policies and building systems to facilitate access to registration data related to generic top-level domains (gTLDs), while at the same time complying with the law. The ongoing goal is to strike a balance between securing individual privacy rights and maintaining the safety and security of the Internet.

Some of the key priorities are:

  • To create and maintain a collaborative platform that provides visibility and clarity over ICANN org's data protection and privacy-related initiatives and projects, and allows for the formation and execution of a centralized strategy; and
  • To establish a structure to aggregate information as it relates to the various data protection and privacy initiatives.

Table of Contents:

Latest Announcements, Updates, and Blogs

Find the latest news and information about Data Protection and Privacy here.

All correspondence related to Data Protection / Privacy issues can be found here.

Meetings and Work Sessions

All meetings related to Data Protection and Privacy issues can be found here.

Government Engagement

ICANN org participates in a range of forums and engages with a variety of stakeholders on issues relating to ICANN's mission. The org's engagement strategy is two-pronged: 1) focusing on raising awareness, including of privacy-related aspects of ICANN's work, such as WHOIS and associated procedures; and 2) focusing on capacity development and educating local participants on Internet policymaking, technical coordination, and implementation.

ICANN org continues to meet with data protection agencies within relevant government bodies around the world to gain a better understanding of how privacy legislation, such as the General Data Protection Regulation (GDPR) in Europe and the Personal Information Protection Law (PIPL) in China, relates to the work of ICANN org and to its contracts with registries and registrars. This includes both monitoring for legislation, such as the European Union Directive on Security of Network and Information Systems (NIS2), and providing policy makers with factual information on ICANN's mission and remit. ICANN also follows developments in international law possibly affecting gTLDs, such as the negotiation and agreement of the second additional protocol to the Budapest convention.

Legislative Initiatives

  • European Union (EU) GDPR - The GDPR was adopted by the EU on 14 April 2016 and took effect on 25 May 2018 uniformly across the EU countries. ICANN organization executives, subject matter experts from various departments, and Board members are guiding the organization's activities related to the GDPR. More information can be found here.
  • EU NIS2 - The revision of the Directive on measures for a high common level of cybersecurity across the Union (NIS2) was adopted in November 2022. EU Member states will have 21 months from the entry into force of the directive in which to incorporate the provisions into their national law. The NIS2 directive imposes cybersecurity measures and cyber incident related reporting obligations to operators of essential and important entities and applies to all providers of DNS services, with the exception of root servers.
  • China Personal Information Protection Law (PIPL) - More information can be found here:

Other initiatives

  • Council of Europe

    The Second Additional Protocol to the Convention on Cybercrime and enhanced co-operation and disclosure of electronic evidence (also known as the Budapest Convention) was approved in November 2021 and opened for signature in May 2022. The protocol contains provisions related to registration data. It applies to countries and entities within those countries that have signed and ratified it.

ICANN Organization Internal Data Protection Practices

Click here for ICANN org's data protection practices related to use of the content and services available at or through any website operated by ICANN.

Resources for More Information

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."