Home / Blogs

General Data Protection Regulation and the Future of WHOIS

Why does all of the discussion around potential options for WHOIS in the era of the EU’s GDPR (General Data Protection Regulation) feel like déjà vu?

Is it because issues around WHOIS never really go away, and become a hot topic every few years?

Is it because no one is really happy with the current system? Privacy advocates would be delighted to do away with it altogether, while business and Intellectual Property professionals press for improvements to accuracy and availability, which I fully support.

Is it because the notion of tiered-access was first socialized back in 2013 by the Expert Working Group on gTLD Directory Services when they proposed “a new system in which gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use.”

At that time, the idea of completely overhauling the existing WHOIS system seemed like a monumental task—one that would be complex and time-consuming. Case-in-point, Verisign’s move to Thick WHOIS which was directed by the ICANN Board of Directors in early 2014 is still in process.

Yet here we are, just eight months away from when the EU’s GDPR will take effect, and it seems as though no one really knows how it will impact WHOIS. For thin registries, will European registrars (or those with European registrants) simply stop making WHOIS info available, or will they provide limited WHOIS information? Or will privacy/proxy become the standard? Will ICANN require European registries (or those with registrants in the EU) to complete an RSEP (Registry Service Evaluation Process) so that they can comply with the new regulation? Will the requirements for making WHOIS available change for every registrar and registry, not just those in the EU? Will registrars and registries have enough time to implement these changes? What kind of guidance will ICANN provide? The list of questions I could pose could easily go on, and the more I think about it, the more concerned I become.

All that said, there is no question that the upcoming rollout of the GDPR represents the most significant change to privacy policy in decades, yet it’s increasingly clear that the impact to publicly available WHOIS data is up in the air with just eight months to go. Fortunately, there is some time left, and I am hopeful that the ICANN community can work together at the upcoming meeting in Abu Dhabi to quickly identify a path forward. We really have no other option - time waits for no one, not even ICANN.

By Elisa Cooper, Head of Marketing, GoDaddy Corporate Domains

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix


Sponsored byDNIB.com