How much time does ICANN spend on compliance?
ICANN 73 Preparation Week is underway and on Tuesday ICANN Contractual compliance and consumer protection department provided an update on its activity.
The department enforces ICANN’s contracts with registries and registrars. They handle complaints from registrants and end users, conduct audits, and monitor the domain name industry.
During the presentation (login required), the compliance team announced that their adoption of Salesforce allowed them to slice their data around complaint volumes, compliance actions and other more granular details. He said transfer and renewal issues continued to be the most common sources of complaints (see image above).
Every upheaval in the domain industry has impacted compliance activity within ICANN. Events in the domain space and community pressure typically lead to increased compliance efforts.
For example, in 2007, the collapse of RegisterFly prompted Contractual Compliance to initiate audits and led to changes to the Registrar’s Accreditation Agreement that went into effect in 2009. gTLD led to the creation of a basic registry agreement with additional audit rights. Although growing community concern over DNS abuse has not granted ICANN the power to directly address maliciously registered or compromised domains, contractual compliance appears to be devoting more resources to to prove ensure that registrars and registries post (and follow) abuse reporting procedures and policies.
The GDPR, which removed most Whois data, had a significant impact on complaints. Since 2018, policy changes focused on personal data protection have reduced the total number of registration data complaints and increased the rejection rate of remaining attempts to collect information.
the complaint process is reasonably simple for registrants having problems with their registrars. This does not mean that the plaintiff will succeed. Contractual Compliance simply dismisses the vast majority of complaints as out of scope, moot, or otherwise invalid. As with ICANN’s DIDP process, submissions can miss the mark for a variety of reasons:
- In all categories of complaints, the main reason for rejection is the lack of information in the complaint
- Complaints about transfers are often moot by the time they are read
- Abuse complaints must first attempt to resolve the issue with the Registrar – if there is no record of this, the complaint is automatically dismissed
- Registrars are not obligated to maintain the accuracy of registration data on suspended domains, so complaints about suspended domains will never succeed
There were a few takeaways from Tuesday’s presentation. First, report as much information as possible and answer any follow-up questions promptly. Second, Contractual Compliance generally tries to resolve complaints before issuing a formal notice. So even though ICANN issues only a handful of formal compliance actions per month, valid complaints are handled in other ways.