The General Data Protection Regulation (GDPR) is coming into action soon, 25 May to be exact. The GDPR’s aim is hand back control of data to citizens and residents of the EU. An additional aim is to simplify the regulatory process and environment for international business by way of the unification of the regulations throughout the EU. But will it make something’s more difficult?
Take for example the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN has a number of concerns with regards to the GDPR. ICANN runs and maintains the ‘Whois’ search function, the tool allows individuals to obtain information regarding registered domain names.
For example, if an individual runs a Whois search for www.lawdit.co.uk, that individual will see that the registrant of the domain name is a Lawdit Solicitors Limited. This tool is particularly useful, for example if I like a particular domain name, I can run a Whois search, find out the details of the domain name registrant and make that registrant an offer to sell to me the domain name. In many cases, a Whois search will provide the name, address and phone number of the registrant, and is easy to use, quick and free.
However, there are fears that that Whois search service may need to be shut down in order to comply with the GDPR. Or in other words, shut down to avoid any potential fines or litigation.
ICANN’s CEO, Göran Marby explained that there are plans in the works: “There are still fundamental decisions to be made about the whole model,” and “Discussion seems to be focussing on the accreditation model, as if everything else with GDPR compliance for Whois is decided. It’s not.”
The discussions relate to talks with the Governmental Advisory Committee (GAC). ICANN did want CAG to create a model that would allow accredited users access to the Whois search, this was rejected.
An official statement from GAC provided that “The GAC does not envision an operational role in designing and implementing the proposed accreditation programs,”
Europol’s cybercrime unit is not happy about potential loss of the Whois search. They have suggested the idea that domain registrars be compelled to provide Whois information to law enforcement agencies within a 24 hour window.
Whois May be gone in a couple of days, who-knows?