With Europe’s General Data Protection Regulation (“GDPR”) coming into effect on the 25 May 2018, the future of WHOIS is looking a little clearer (and barer) in view of ICANN’s recently published Proposed Interim Model for GDPR Compliance (“Model”). The effects of the GDPR are wide ranging. However, in terms of how this impacts WHOIS, the GDPR affects how registries and registrars list the personal information of domain name registrants in publicly accessible WHOIS directories.
WHOIS has long been a point of contention between ICANN and European registrars, as the requirement by ICANN to list the personal information of domain name registrants in publicly accessible WHOIS directories does not comply with EU data protection law.
However, the GDPR, which brings a new set of penalties for companies that do not adequately protect the personal data of users in Europe, has forced the discussion around the future of WHOIS.
The Model, also known as the ‘Calzone Model’ (a reference to the pizza analogy used by ICANN’S CEO during a recent webinar), proposes a number of changes to the accessibility of WHOIS information.
Whilst registries and registrars will still be required to collect the same amount of information as they were previously, only very limited information will be made available on WHOIS. ICANN has provided a sample of how WHOIS would look in the event that this Model is implemented.
As can be expected with such wholesale reforms, there are a number of changes that have garnered significant attention from brand owners and Intellectual Property professionals. In particular:
The impact of the Model is far reaching and is likely to change how online infringement issues are tackled. Whatever happens, questions remain over the long term future of WHOIS. Whilst this Model addresses the issue in the short term for the purposes of compliance with GDPR ahead of the May deadline, a long-term solution is still needed.