May 23, 2018

ICANN makes WHOIS changes before GDPR deadline

The move seeks to align WHOIS data privacy policies with GDPR norms to facilitate a common framework for gTLD registrations.

Domain registry

As the GDPR (General Data Protection and Regulation) deadline looms, internet authority ICANN have decided to make eleventh-hour changes to WHOIS data privacy policy in a bid to comply with GDPR norms. With this move, ICANN aims to provide a common framework for gTLD (generic top-level domain) services to all kinds of entities.

ICANN say that they have been working hard towards making DNS (Domain Name System) and WHOIS legal under the GDPR. They also claim that ICANN have been facing many obstacles with respect to compliance, one such being temporary registration of gTLDs to align themselves with ‘GDPR article 29 working party’.

According to the temporary registration policies, registry operators, as well as registrars, will be required to collect all information. It further states that on submitting a WHOIS query, the entity will only receive ‘thin data’ such as the status of registration, technical data and creation and expiry date of the domain name.

However, with the deadline for the GDPR approaching, ICANN say that they were expecting a year’s time to address the complications of WHOIS data privacy problems.

Speaking about this, a spokesperson for ICANN commented:

Unless there is a moratorium, we may no longer be able to (…) maintain WHOIS. Without resolution of these issues, the WHOIS system will become fragmented .

A fragmented WHOIS would no longer employ a common framework for generic top-level domain (gTLD) registration directory services.

ICANN express that the WHOIS case needs to be treated rather differently and should not be given the same timeline as other bodies in the domain registration ecosystem. Explaining this in detail, Cherine Chalaby, Chairperson at ICANN Board of Directors, commented:

WHOIS is an important system, and preserving it allows it to continue to act as a key tool in the ongoing fight against cybercrime, malicious actors, intellectual property infringement, and more.

ICANN’s role in providing the technical coordination of the globally distributed WHOIS system is a unique matter, including the public interest nature of WHOIS.

Industry experts claim that ICANN have been unsuccessful in locking down a policy with respect to providing reasonable access to data to third parties having a legitimate interest. It will be interesting to see how ICANN takes the bull by the horns to comply with GDPR.