Good luck figuring out what individual in the EU owns a domain name.
The European Union will begin enforcing its General Data Protection Regulation (GDPR) in May of 2018. As I’ve written about before, this will have a major impact on Whois.
How big? Well, I have jokingly included this image in my August story of what Whois could look like:
Turns out I’m not that far off. Consider what the world’s second largest registrar, Tucows/Enom, suggests that a public record for an individual in the European Union will look like:
Note that this Whois record doesn’t even have a forwarding address for email!
Think of the impacts this will have on domain name investors trying to buy domains or verify ownership. I also wonder how this will work when transferring a domain name. Even Whois updates in which contacts must be emailed will be an issue.
[clickToTweet tweet=”This is what a Whois record might look like in 2018″ quote=”This is what a Whois record might look like in 2018″ theme=”style1″]
The answer might lie in gated Whois. In a blog post, Enom states:
…we plan to provide authenticated access in a specific and limited manner, so that those with legitimate reason to request personal data can access the information they require while the privacy of individuals remains protected.
Who has a legitimate reason? Enom notes a couple of examples:
Think about, for example, an intellectual property lawyer who wants to know the owner of a domain in order to submit a trademark dispute, or a law enforcement officer tracking down the people behind a phishing scheme; they should be able to find out who owns the domain name under investigation.
It will be interesting to see who is considered to have a legitimate reason to view at least some part of the Whois record.
Although the regulation will only impact individuals in the EU for now, we could see this sort of Whois change apply across the world in the future. Again, from Enom’s blog post:
While the GDPR only applies to EU-local individuals, there are data privacy and protection regulations in many other places around the world, which render a public Whois highly problematic, if not unlawful. With this in mind, what we know for sure is that we will no longer be able to publish personal data for any EU-located individual in the public Whois. What remains an open question is if we will continue to publish personal data for registrants based outside of the EU; we don’t yet have a final answer on that, and we’ll work through this issue over the next few months.
This change is going to have a big impact on almost everyone in the domain name industry.
John Berryhill says
“Think about, for example, an intellectual property lawyer who wants to know the owner of a domain in order to submit a trademark dispute”
…or anyone else who says they are a lawyer and wants to know because they say they need it for that purpose.
The idea that a registrar has some way to (a) identify anyone on the planet as a a lawyer, or (b) determine whether there is a trademark conflict with the domain name, is just plain stupid.
The “lawyer seeking to know for a legal dispute” situation is indistinguishable in any technically meaningful way from “some random person wants to know”.
jz says
Dumb dumb dumb…only eu registrars should have to follow this…why are companies in other countries forced to adhere to this? There should also be an opt out option..
Mike says
Let me make a prediction. I think that someone is going to sue the arse off DomainTools.com for giving out Personal Data . Wait and see.
Andrea Paladini says
Your prediction makes sense.
I was wondering how DomanTools is allowed to profit from stored Whois records anyway?
Please keep in mind that Whois data are public, accessibile to anyone free of charge.
ICANN Whois terms are as follows:
“You agree to use this data only for lawful purposes and further agree not to use this data (i) to allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited, commercial advertising, or (ii) to enable high volume, automated, electronic processes to collect or compile this data for any purpose, including without limitation mining this data for your own personal or commercial purposes.”
Do DomainTools have an agreement in place with ICANN to commercially exploit Whois data or what? or are they operating abusively?
I asked this question to Ammar Kubba, he never responded.
John says
Personally I welcome this new Law. Why wouldn’t most owners of domains welcome this ? Seriously.
jz says
Uh because if you want to get and buy a domain from someone…how will you get thethe info? And if you want to sell a domain forget about inbound inquiries. You will be forces to lost on a marketplace and give up 15%. Also if you want to send out a couple emails to sell a domain you can forget about using whois to find contacts… I could go and on.
Michael Anthony Castello says
This will be a boom for brokers in Europe.
Nick says
I never understand how can countries pass laws for companies in other countries. What if another country passes a law saying all companies in their country have to show all whois data for all customers. As for this law, seems like if someone doesn’t even want privacy email forwarding . Then they don’t want to buy or sell their domain at all. So leave them alone.
Acro says
Finally, the days of everyone and their grandma becoming a “broker” will be over.
cybertonic says
This is going to be a game changer in the domain space complicating a lot escrow, brokering, due diligence, ownership proof, … but also will give new services opportunities…
Wolfgang Möcklin says
How will this possibly affect the inter-registrar domain transfer process? For example in respect to retrieving admin emails for transfer authentication and confirmation emails.
Ale says
I’d like to know what Escrow.com think about this. This is a conspiracy against domainers and a conspiracy to devalue domain names helping Sedo and company…This is only a bastard conspiracy against domaining.
Andrea Paladini says
IMHO there will be an opt-out option for those who don’t want to adopt the “privacy by default” rules as per the GDPR in Europe.
I see a significant impact on providers of privacy services, but not on the domain industry as a whole.
@Acro: I think instead that soon “the days of everyone and their grandma becoming a domain investor will be over”, with a Darwinian selection.
I’m already noticing big domain drops from some “would-be” investor with portfolios of hundreds, thousands of poor, unsellable, pigeon shit-like, names. Even among some people who self-define themselves “domain expert” and make presentations during domaining conferences.
John Colascione says
Many changes will take place now; for instance, many paid Whois services will loose valuable features and subscriptions… Private registration revenue will dry up for registrars that sell that as it is no long needed. Many API services will become useless.