Those who want to find the contact details behind a site at the moment have a very easy time. Through the WhoIS protocol it is sufficient to just enter the web address on one of the different WhoIS sites and a whole series of information about the domain name holder of the site appears. This can be useful for those who need the contact details of the person or organization behind a site, but also for scammers.
This is now changing with the introduction of the GDPR in May. This European data protection law aims to improve the security of the private data of Internet users. In this case, this information from private individuals may not be publicly available, but can only be retrieved in ‘exceptional cases’. Whether it is an exceptional case, is decided by the authorities. In the field of WhoIS searches for companies that own a domain, nothing normally has to change.
In a letter to the overarching domain extension manager, Internet Corporation for Assigned Names and Numbers (ICANN), Europe’s data protection authorities know that the current WhoIS service is not in line with the GDPR. As a result, the service is illegal and will be banned from 25 May, unless ICANN finds a solution that complies with the GDPR.
Since the European authorities were not convinced of their proposals for a temporary solution and did not comply with the request to postpone the law until a definitive solution can be implemented, ICANN has about a month to provide a solution.
According to the company, that is not possible. “An exception to the law when we come up with a solution is the only option to not fully fragment the WhoIS service,” said Akram Atallah, president Global Domains Division at ICANN.
According to various critics, however, this is a problem that ICANN itself has caused. The company would have been receiving warnings about the questionable legacy of WhoIS for more than 10 years, and even the GDPR guidelines would only have started taking them seriously six months ago, even though they had already been introduced for two years.