The Internet Corporation for Assigned Names and Numbers (ICANN) has requested European data protection authorities (DPAs) to provide specific guidance on its Proposed Interim Compliance Model to comply with the European Union’s upcoming General Data Protection Regulation (GDPR) in regards to ICANN’s Whois database.
Whois enables people to obtain information regarding registered internet domains, which can include the domain holder’s (registrant) actual name, street address and phone number, among other things, unless the registrant provides privacy or proxy protected Whois data.
In letters to each of the 28 European member states’ DPAs and the European Data Protection Supervisor, ICANN asks the authorities to “help ICANN and the domain name registries and registrars to maintain the global Whois in its current form, through either clarification of the GDPR, a moratorium on enforcement or other relevant actions, until a revised Whois policy that balances these critical public interest perspectives may be developed and implemented.”
Absent this specific guidance, the integrity of the global Whois system and the organization’s ability to enforce Whois requirements after the GDPR becomes effective will be threatened, ICANN warned.
ICANN is concerned that continued ambiguity on the application of the GDPR to Whois may result in many domain name registries and registrars choosing not to publish or collect Whois data out of fear that they will be subject to significant fines following actions brought against them by the European DPAs.
ICANN says its 2,500 domain name registries and registrars need clear guidance and a moratorium so that they will not have enforcement actions brought against them while they implement changes to comply with the GDPR.
At the same time, the ICANN letter added, governments worldwide, law enforcement authorities, and those fighting abuse on the Internet are deeply concerned that blocked access to the global Whois may significantly harm the public interest, by blocking access to critical information which allow them to enforce other laws and protect consumers, critical infrastructure and intellectual property rights.