There has been a considerable debate whatever ICANN will enforce the contractual agreement between registrars and registries to display personal data in the WHOIS.
Publication of personal data in the WHOIS is usually in conflict with many data protection laws around the world.
The EU GDPR and the substantial fines seem to sway the discussion into a direction, for ICANN to come up with solutions and as such published several models for analysis to limit the publication of personal data in the WHOIS.
The models created by the ICANN Organisation can be viewed through the link below.
All the models published by the ICANN community are posted here.
The end of WHOIS?
The models proposed by the ICANN organization either have limited personal info published in the WHOIS and the two other models no longer publish personal data in the WHOIS.
The ECO model also has in common that there is no personal data published in the WHOIS.
So ultimately I think we are heading to a solution where registries and registrars no longer will publish person data in the WHOIS.
All models continue their support for data transfer to registries. In my opinion, this does not meet the EU GDPR data minimization principle, which I will explain in a future blog post.
Most beautiful model?
All models are not perfect, and I guess it comes down to the following requirements:
- Implementation time frame.
In my opinion, the ECO model fits those requirements.
In addition to this, the ECO model has the largest industry support, which is key critical for mass adoption.
The end of privacy protection services?
Should you still use the Realtime Register privacy protect service even when there will be no personal data published in the WHOIS in May 2018?
The short answer is, yes.
All proposed models might tackle the WHOIS issue; it does not address the issue of possible data breaches, increased legal requirements for you as a reseller, and other areas of GDPR noncompliance. Our privacy service does that, though perhaps we should rename our privacy service to Data Protection Compliance Services (DPCS).