Oct 5, 2017 - by Elisa Cooper

GDPR and the Future of WHOIS

Why does all of the discussion around potential options for WHOIS in the era of the EU’s GDPR (General Data Protection Regulation) feel like déjà vu?

Is it because issues around WHOIS never really go away, and become a hot topic every few years?

Is it because no one is really happy with the current system? Privacy advocates would be delighted to do away with it altogether, while business and Intellectual Property professionals press for improvements to accuracy and availability, which I fully support.

Is it because the notion of tiered-access was first socialized back in 2013 by the Expert Working Group on gTLD Directory Services when they proposed “a new system in which gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use.”

At that time, the idea of completely overhauling the existing WHOIS system seemed like a monumental task – one that would be complex and time-consuming. Case-in-point, Verisign’s move to Thick WHOIS which was directed by the ICANN Board of Directors in early 2014 is still in process.

Yet here we are, just eight months away from when the EU’s GDPR will take effect, and it seems as though no one really knows how it will impact WHOIS. For thin registries, will European registrars (or those with European registrants) simply stop making WHOIS info available, or will they provide limited WHOIS information? Or will privacy/proxy become the standard? Will ICANN require European registries (or those with registrants in the EU) to complete an RSEP (Registry Service Evaluation Process) so that they can comply with the new regulation? Will the requirements for making WHOIS available change for every registrar and registry, not just those in the EU? Will registrars and registries have enough time to implement these changes? What kind of guidance will ICANN provide? The list of questions I could pose could easily go on, and the more I think about it, the more concerned I become.

All that said, there is no question that the upcoming rollout of the GDPR represents the most significant change to privacy policy in decades, yet it’s increasingly clear that the impact to publicly available WHOIS data is up in the air with just eight months to go. Fortunately, there is some time left, and I am hopeful that the ICANN community can work together at the upcoming meeting in Abu Dhabi to quickly identify a path forward. We really have no other option - time waits for no one, not even ICANN.

Tags: TAG1, TAG2, TAG3, TAG4

  • Nov 28, 2018 - by Matt Serlin
    The EPDP Initial Report: Forward Progress Yet Much Work Remains

    Here in the United States, we recently celebrated Thanksgiving and with that, we now enter the last weeks of 2018. I’ve spent much of this past year involved in ICANN’s Expedited Policy Development Process (EPDP) for gTLD Registration Data and I’m happy to say our group has reached a historic milestone. Just last week, the group published its initial report for public comment (https://www.icann.org/public-comments/EPDP-gtld-registration-data-specs-initial-2018-11-21-en). I’d be remiss if I didn’t take this opportunity to thank the entire group for their good faith efforts in issuing this initial report.

    Read full post
  • Nov 8, 2018 - by Elisa Cooper
    Evaluating Corporate Registrars? What You May Be Overlooking.

    Maybe there is something in the air, but it seems like an increasing number of corporate legal departments are starting to reevaluate whether their current registrar is still the best option for them. Many have used the same registrar for over a decade, or have ended up as a client of a legacy provider when their registrar was acquired. Regardless of whether companies are looking for better service, support, expertise or technology, evaluating other options every few years can be a worthwhile endeavor.

    Read full post

  • Elisa Cooper

    Bringing with her 20 years of marketing experience, Elisa Cooper joined Brandsight in 2017 to lead the organization’s marketing strategy and execution. A domain name industry veteran, Elisa has worked closely with many Fortune 1000 companies in assisting with domain and brand protection policy development and has spoken and written extensively on these topics.

    Recent posts from Elisa Cooper

    Request a demo.

    See for yourself the power of Brandsight.

    Schedule a demo
    Brandsight web application