European registrars are becoming increasingly dissatisfied with ICANN's position on the retention of registrants' personal data. It would be more correct to say that ICANN, in fact, does not have a position, as the corporation seems unable to decide what course to take.
The 2013 Registrar Accreditation Agreement requires registrars to keep hold of registrant data for two years after they stop having a relationship with the customer. This provision violates the privacy laws of most EU countries as well as EU directives which stipulate that the retention of personal data should not exceed one year. As was previously reported, French registrar OVH asked ICANN to reconsider this point, providing a written legal opinion confirming that ICANN’s requirements are contrary to French laws. However, instead of resolving the issue quickly, ICANN took a pause and announced a public comment period, which, European registrars believe, has proven unreasonably long.
On Friday, Luxembourg’s registrar EuroDNS said it had requested a waiver of the data retention clauses as early as December 2, providing a written legal opinion, but still received no response. EuroDNS has signed the new accreditation agreement with ICANN, but as CEO Lutz Berneke says, the company does not intend to abide by the requirements which are illegal in Luxembourg.
Ireland’s Blacknight Solutions has refused to sign the new accreditation agreement at all. As Blacknight Solutions's CEO Michele Neylon writes in his blog, his company informed ICAAN that the agreement violated Irish laws and asked for changes to be made on September 17 of last year. However, no solution has been suggested, and it looks like registrars are running out of patience. “Why is it my problem that ICANN doesn’t understand EU law?” Neylon writes. "Why should our business be impacted negatively due to ICANN’s inability to listen?”
