The ICANN WHOIS system is gone, the process for a GDPR compliant WHOIS has started!

 

After twelve months of endless discussions and a looming deadline, ICANN received information from the Art 29 Working Party. 

The EU Data Protection Authorities will not grant ICANN forbearance regarding the May 25th deadline when it comes to the WHOIS. Again the DPA’s re-confirmed their advise towards ICANN and does not deviate much from the advice they have provided ICANN since 2000.

The full press release from ICANN and the Article 29 WP letter can be read here.

Now that it is official there will be no forbearance regarding WHOIS, which was a silly request to begin with, registrars must shift into gear to get the WHOIS GDPR compliant.

Our solution will look like the screenshot below, though the below is subject to future change, I do not expect our GDPR solution will change drastically.

 

We will continue to display the country code and state field (if provided), due to the fact that it might be relevant for trademark lawyers.

The solution mentioned above is a mix of what ICANN has sent to the Art 29 WP, there is some advice incorporated from the ECO playbook. Last but not least we cherry-picked some elements from the WHOIS output solution by the Dutch Registry SIDN.

SIDN does not publish personal data of the registrants for many years now, so we have a great deal of experience with such WHOIS output and as a result, we have many operational procedures and solutions in place.

 

Reseller lookup tool
Our Reseller lookup tool is available here. We will also mention the link to this tool in the WHOIS output of the Realtime Register WHOIS server.
This tool allows people to look up the domain and the relevant reseller contact information.

As a data processor, we are limited in our role due to data protection laws, and we must refer to the data controller (our reseller) when it comes to domain name inquiries.
I think our lookup tool will be of great assistance for Law Enforcement Agencies, Trademark Lawyers, etc.

Most of our Dutch resellers will be very familiar with the above concept, as reseller data plays a significant role in the WHOIS for .NL domain names.

I expect that the WHOIS will become less relevant on May 25th and will have an effect on transfers.
Expect a blog post about the transfer details within a week.

Also, this blog describes the WHOIS server of Realtime Register, not the WHOIS servers operated by thick registries all over the world. It is possible that while we at a registrar level do not display personal data, a Thick WHOIS registry continues to show the data of your customers in their available public WHOIS…

ICANN Registrars express GDPR concerns to ICANN

Today the Registrar Stakeholder Group (RrSG) has joined its colleagues in the Registry Stakeholder Group, Eco Association of the Internet Industry and the Internet Infrastructure Coalition in raising its concerns with ICANN about GDPR.

The letter was drafted last week and got so much support from the registrar members that we could officially support it as a stakeholder group. Realtime Register B.V. was one of the supporters.

The letter to the ICANN CEO located here, can be described as “spicy,” or “\strong.” And I think it is with good reason. Since March 2016 a dedicated small group of registrars and registries have been pouring countless of hours of time in supporting ICANN with this complex issue called the GDPR, I cannot recall how many telephone conferences I had since March 2017 till this very day, but most likely an insane number for sure.

The problem?

ICANN contractual obligations force registries and registrars to publish the personal data in a public directory called the WHOIS. The GDPR does not allow data being used beyond its original purpose, which is the registration of the domain name.
When you order a product online; you provide the shop with information so they can deliver/ship your product. It is not up to the shop to publish all your data in a public directory and mention what product you purchased. You rather not have such data released for obvious reasons, not the whole world has to know what you bought last weekend, right?
This example I guess, highlights the entire issue with the WHOIS and the tension it creates with many data protection and privacy laws.

I understand if this letter might come on strong for some folks at the ICANN organization and perhaps some stakeholders within the ICANN community, but it is ten minutes to midnight for sure, and as contracted parties, we are all liable when it comes to the GDPR, and its massive fines, and not the ICANN community. Every hour we delay will cause more issues for us registrars and our customers.

Lucky enough a significant deal of the GDPR issues can be mitigated with the free Realtime Register privacy proxy services. And while that is convenient for our customers, not every registrar offers these services and as such, are entirely depended on solutions created by ICANN.

More information regarding our privacy services can be read here.