© Leaders League
On May 17th, in anticipation of the now approved European General Data Protection Regulation (GDPR), the Internet Corporation for Assigned Names and Numbers (ICANN), an American organization tasked with accrediting registrars and enforcing WHOIS policies, approved a new and revised Temporary Specification for gTLD registration data to ensure its domain information policies meet the EU’s new data privacy rules.
WHOIS refers to the data directly related to a domain name, which includes a name, address, e-mail, phone number and other personal information. Limiting access to previously public data was met with disapproval by law enforcement agencies using WHOIS data to investigate cybercrimes. The International Trademark Association (INTA) protested the Temporary Specification by stating that restriction to WHOIS data will likely increase incidents involving online fraud and abuse. As a result, INTA is now asking stakeholders and IP practitioners worldwide to submit stories detailing the negative effects of restricting access to WHOIS data.
According to INTA, limiting access to the domain name database “fundamentally challenges the way legal practitioners protect their brands.” INTA members use the WHOIS database to track down individuals behind online counterfeiting, the distribution of malicious software and suspicious online behavior.
ICANN’s struggle with new EU data privacy legislation, however, was not resolved with the Temporary Specification. In late May, the US-based organization found itself in a tight spot after unsuccessfully filing an injunction which would force a German registrar to continue gathering people’s data. Arguing that the required WHOIS data was non-essential to set up a domain and that such a request would go against data privacy rights, a German court ruled against the injunction.
ICANN now faces pressure from both European data privacy regulators and international agencies such as INTA to regularize WHOIS data gathering and to make information about the individuals and businesses behind domain names public, all whilst complying with EU data privacy laws.