Company backtracks on plans to redact Whois…for now.
Two days after informing registrars that it planned to redact almost all information from Whois records to comply with the EU’s General Data Protection Regulation (GDPR), Afilias has put its plans on hold.
The registry for domain names such as .info and .mobi issued a press release this evening saying that it hopes European data protection entities and ICANN will work out a model.
Afilias today announced that it is temporarily suspending plans to limit the display of WHOIS data to comply with the EU General Data Protection Regulation (GDPR) currently scheduled to take effect on 25MAY2018. Afilias has received a number of questions about its plans, and anticipates that they may be affected by guidance from data protection authorities that has been requested by ICANN. This guidance is expected to be materially helpful in the community’s efforts to resolve the various issues surrounding GDPR requirements.
Afilias is participating in a number of community groups that are considering these issues, including as a principal in ICANN’s pilot implementation of the Registration Data Access Protocol (RDAP), a potential technical solution for enabling differentiated access to registration data depending on the legitimate purpose of the requestor. For example, law enforcement may need access to certain types of Personally Identifiable Information (PII), trademark guardians to other types, etc. RDAP enables the management of this access in an efficient and effective manner.
However, if the parties don’t come to a resolution, Afilias might go forward with its plans in order to comply with the law and avoid big fines.
As the deadline for GDPR implementation approaches, the community is working diligently in a number of areas to find solutions needed to balance a wide range of community interests. Afilias will continue working collaboratively within these groups in the expectation that appropriate solutions will be reached prior to the GDPR implementation date. Absent guidance from the data protection authorities, Afilias will reconsider its plans as appropriate to ensure compliance with GDPR.
It’s possible that Afilias announced its plans for Whois as a way to galvanize parties into coming up with a solution before May 25. Judging by the response, it might have been effective.