One of the most anticipated topics for discussion on the 60th ICANN meeting that has just come to an end in Abu Dhabi was the introduction of EU General Data Protection Regulation (GDPR). European Parliament adopted GDPR in May 2016. The articles that regulate storage and publication of EU citizens’ personal data contradict Whois rules that is a requirement imposed by ICANN on all registrars and registries. From May 2018 violating GDPR in European Union will result in multi-million files and clearly representatives of the domain industry are concerned with the situation.
However, the meeting in Abu Dhabi didn’t clarify the issue. ICANN representatives, in fact, made it clear that they had no idea what to do and, therefore registrars and registries can’t rely on the corporation to help them out. “GDPR is a law”, said ICANN President Göran Marby. “I didn’t come up with it, it didn’t come from ICANN policy, it’s the law. This is the first time we’ve seen any legislation that has a direct impact on our ability to make policies.”
Marby also pointed out that for now no one could say how GDPR would be implemented. The formation of the law enforcement practice and precedents in European courts could take years. ICANN Corporation signed a contract with a reputable Swedish law firm Hamilton to get a comprehensive legal review of the situation; however, its report doesn’t give ready-answers to all the questions. The corporation urged registrars and registries not only to study the issue themselves but also to share all valuable legal advice that can get.
The corporation also reported that until the situation is clear it wouldn’t impose sanctions on registrars and registries that are not complying with ICANN requirements to Whois, stipulated in the contract with ICANN, in case this was dictated by the need to comply with GDPR. In a nutshell, there is no definitive solution to the problem; however, as Domain Incite supposed, “The days of all Whois contact information published freely for all to see may well be numbered.”
