May 25, 2018 marks the day when the European Union’s General Data Protection Regulation takes effect. This EU law will have a significant impact on the businesses that process and control EU citizens’ data. WHOIS is a member of Domain Name industry that is likely to be affected by the new data protection regulations. It faces challenges as it works to comply with the regulations and uncertain guidelines from the European Union and the ICANN.
WHOIS provides a database that allows internet users to find domain name registrants. The registry’s future remains unclear due to the introduction of new regulations under GDPR. The new law will have material impact on WHOIS and alter its delivery, privacy and proxy services. Since GDPR is concerned with privacy and data protection, it will affect the kind of information that registrars collect about their consumers as well as the people or entities they share such information with.
When the EU’s GDPR takes effect, parties that conduct business with ICANN will be forced to adjust their operations. These include escrow firms, registries, and registrars. For instance, it is not clear whether the European registrars or the custodians of European registrants will limit the Whois information or stop it altogether. Privacy and proxy services are highly likely to be influenced by the new law.
ICANN will have a fair share of the effects of EU privacy law because it acts as a data controller. It is not known if ICANN will need the European registries to complete Registry Service Evaluation Process (RSEP) to attain compliance status. Currently, all the operators of gTLD are obligated to adhere to the RSEP when requesting for new registry serviceS. When GDPR comes into force, such arrangements are likely to change and affect the entire processes of requesting new registry facilities.
The manner in which registrars and registries operate largely contravenes the law. Besides, WHOIS is a threat to the safeguarding of the individuals’ privacy. Public distribution of identifiers and other particulars of domain owners tend to encourage commercial exploitation of information without the users’ approval. Under GDPR this is unlawful and calls for severe penalties. The regulation may necessitate a restructuring of the registry to make it hard for other companies who steal identities and trade with them. The new EU law is definitely going to have a significant impact on the WHOIS registry when it is introduced in May 2018.