The Health Internet

Governing principles for a .health top-level domain

World Health Organization; 15 May 2014

A trusted environment for the health Internet is essential and fully achievable. It is critical to health security, health and medical education, the protection of privacy and the promotion of public health on a societal scale. Health is a highly-regulated sector in most countries. However, the global nature of the Internet makes national laws difficult to enforce. Therefore, it is imperative that the management and operation of health-related generic top-level domains (gTLDs), including .health, be consistent with public health objectives in order to serve the public, civil society, governments and industry on a global scale.

In its Beijing Communiqué to the ICANN Board, the Governmental Advisory Committee (GAC) recommended the adoption of a set of generic safeguards in order to reinforce existing processes for raising and addressing concerns with certain strings, including health-related gTLDs. The GAC stressed that some strings, including health-related gTLDs, may require further targeted safeguards to address specific risks.

In light of the above, the World Health Organization calls on the ICANN Board to require the adoption without restriction, by any third party potentially eligible as operator of the .health gTLD, of the safeguards developed by the GAC as well as the following governing principles, and that together they should govern a future .health gTLD:

1. Governance and management

An appropriate governance model should be built-in from the outset, recognizing the essential contribution of the global health community and stakeholders – including civil society, academic institutions, professional associations, businesses, governments and international organizations – to the ongoing development of the health Internet and its use. In addition, the framework for the policies and practices should be consistent with legal and regulatory frameworks.

2. Transparency

In order to build public trust, policies and protocols should ensure transparency, fair process and accountability. Users should have timely, accessible and actionable information that may be relevant to their rights and interests. Principles of source credibility must be implemented, and transparency should be the guiding principle to allow consumers to determine the quality of the information posted.

3. Privacy and security

Consistency and effectiveness in data protection is fundamental, as society moves towards broader uses of personal information (including sensitive health and location-based information) that can be easily gathered, stored, analysed and shared. The .health gTLD should – at a minimum – abide by all applicable laws on privacy and data protection, including any health and medical laws. Internet users should be able to understand how their personal data may be used, exercise control over it, and be confident that it will be handled fairly and lawfully.

4. Codes of conduct

The .health gTLD registrars should implement codes of conduct that are underpinned by effective accountability mechanisms and enforceable under appropriate governmental authority. Codes of conduct should address the full range of concerns on the health Internet. These range from quality and reliability of health information sources to trustworthy products, services and practices, to conduct of illegal activity, including fraudulent, malicious, misleading and unfair practices.

5. Individual choice and control

Internet users should be able to exercise control over the data that is disclosed about them. They should therefore be able to limit the sharing of their data with third parties (including, among other things, for research and marketing purposes) and to revise their decisions at any time.

6. Legal and regulatory framework

Policies for the .health gTLD should ensure protection of fundamental rights, as well as a process to protect those rights. There should be fair, effective and timely mechanisms to address complaints, without a fee, and effective ways to resolve disputes and obtain compensation. In all cases, illicit activity must be promptly acted against.

7. Global services

Health providers and businesses should be able to deliver health products and services over the Internet in a manner that promotes interoperability of services and technologies, where appropriate, while ensuring legitimate activity. Users should be able to access and generate lawful content and run applications. Marketing practices, even where lawful, should not create a risk of harm to consumers; sufficient information about the terms, conditions, and costs associated with a transaction should enable them to make informed decisions.

Adoption of such appropriate and sound governance, principles and rules for the .health gTLD would establish a safe and reliable space on the Internet for health, beyond that which is possible now. Across the world the Internet holds great promise for improving the access of people to health knowledge and care. “Health” is one of the most searched-for topics online as people seek information and products for themselves and their families. Health institutions and industry are part of this trend – sharing patient records, providing services and conducting the business of health. These Governing Principles and GAC safeguards would offer the transparency, quality, security and control needed for online health services to thrive, while protecting consumers and industry from the serious fraud and abuse prevalent today. Further, a reliable and trustworthy Internet would enable the exchange of sensitive health information during joint action in emergencies such as disease outbreaks and natural disasters, and enhance the capability of health authorities to share and analyse diverse data from many sources. Establishing much-needed governing principles for the .health gTLD is the key to ensuring the Internet can play its proper role in supporting global public health.