Font size:
Decrease - Increase +
Page background:
Ordinary White Black Blue
Letter spacing:
Ordinary Average Big
Images:
On Off
Disable visually impaired version close
Version for visually impaired people
News

ICANN’s temporary Whois policy comes into effect

24 may 2018

ICANN has approved the Temporary Specification for gTLD Registration Data due to the fact that tomorrow, May 25, the EU General Data Protection Regulation (GDPR) comes into effect. Its provisions contradict the requirements on registries’ and registrars’ data in Whois, stipulated by their contracts with ICANN. For an entire year ICANN was trying to compromise with the EU authorities to keep Whois as it was, but failed. As a result, the policy was approved at the last moment, eschewing the usual community processes. Domain Incite reports that this is the first time in ICANN’s history when it has invoked contractual clauses that allow it to create binding policy in a top-down fashion.

According to the GDPR requirements, the temporary policy envisages that a registrant’s personal information, including name, email addresses and phone, will be deleted from Whois. In place of these data, the page will remain blank, later to read REDACTED FOR PRIVACY. Instead, Whois will publish an anonymized email address or link to a web-based contact form. The changes will not concern domains that are already registered using commercial privacy/proxy services, although later ICANN plans to create an accreditation program for them. In addition, if a registrant wants the personal data to remain open in Whois, he or she has the right to demand open access for them.

The new policy’s main problem is who can access registrants’ personal data. Law enforcement agencies, courts working with domain disputes, escrow providers and ICANN itself continue to get access. However, the list does not include trademark lawyers, security service providers and consumer protection concerns, which may result in difficulties with countering illegal domain name use. The temporary policy says that “Registrar and Registry Operator MUST provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interests pursued by the third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Registered Name Holder or data subject.” The phrasing is obviously vague and, in fact, vests responsibility to provide access to personal data in each case with registries and registrars, who will be fined millions if they violate the GDPR.

The temporary policy has to be revised and renewed by the ICANN Board every 90 days, up to a maximum of one year.

Previous News Next news

Read also in the section "News"

2 october British Indian Ocean Territory’s .IO ccTLD reports $40 million turnover in 2023 2 october Coordination Center launches CC Academy project 30 september Greek TLD .ευ has only two websites five years after launch 30 september Cancellation ceremony of anniversary postcard issued for 30th anniversary of .RU domain 27 september Digital Dictation quiz to launch its 5th season in October 26 september Andorra's ccTLD Opens to Everyone, but Investors Should be Aware of the Risks
Contact us
+7 495 730-29-71 Call Ask a question
About the center What we do
Management structure
Contact information
Services WHOIS
WHOIS+
Domain selection
Trademark check
Domain security
Expiring domains
Media center News
Publications
Events
Domains .RU domain names
.РФ domain names
Domain name registrars
Official documents
Help Domains and trademarks
Information security
Internet literacy