The European Union’s new General Data Protection Regulation (GDPR) takes effect on May 25 2018 and is likely have serious effects on the manner that businesses who process and control EU citizens’ data conduct their operations.
WHOIS is one such company, a member of Domain Name industry, that will probably be affected by the regulations. The firm will need to move quickly if it is be in compliance with the from the European Union and the ICANN regulations and guidelines.
The WHOIS registry is a database that provides access to domain name registrants. How the business will operate under GDPR going forward is far from certain. In all likelihood WHOIS will have to alter its delivery, privacy and proxy services. The kind of information that registrars collect about their consumers will be affected along with the the people or entities they will be permitted to share this data with.
From May 24 2018, ICANN businesses will be forced to adjust their operations and procedures due to the introduction of GDPR. For instance, it has not yet been confirmed if European registrars or the custodians of European registrants will restrict WHOIS information or stop it completely. This is just one way in which privacy and proxy services are highly likely to be affected by GDPR.
As ICANN is a data controller is will, by and large, control how GDPR will affect EU privacy law. for instance, ICANN may require European registries to complete Registry Service Evaluation Process (RSEP) to achieve compliance status. At present all the operators of gTLD must comply the RSEP when requesting for new registry service. Once GDPR is in place these arrangements are likely to change and affect how new registry facilities are requested.
The current methodology behind how registrars and registries operate largely contravenes the new laws. Due to this WHOIS poses a danger to the safeguarding of the individuals’ privacy. Allow public access to details of domain owners may to encourage commercial exploitation of information without the users’ permission.
GDPR rules this as unlawful and imposes for severe financial penalties. The new regulations may necessitate an update in registry operations to make it difficult for other companies to attempt hacking this information for exploitative purposes.