It’s really quite simple.
So ICANN has received guidance from the Article 29 Working Party in Europe about ICANN’s proposed Whois model to comply with the General Data Protection Regulation (GDPR).
I’d summarize it as: nice try, but we are your overlords now. (Only in needlessly complex language.)
Regulation can be good, but regulation run amok can be bad.
I have a solution to solve GDPR as it related to Whois. It’s insanely simple.
When you register a domain name, there’s a box that asks “Are you a resident or citizen of the EU, or is your company based in the EU.”
If you check it, then you get free Whois privacy/proxy for every part of your Whois except for the Organization name.
What about all of the existing domains? The registrar should send an annual notice to all registrants. If the person qualifies, they can get this same privacy or proxy setting.
But what about people who miss this notice? What about people who don’t understand? What about people who move to the EU?
You know what? At some point, people have to take responsibility for themselves. The government can’t protect everything from happening.
I’m sure no one can poke holes in my ingenious plan.
OK, now let’s get back to solving real business problems and growing our businesses.
George Kirikos says
There’s an *enormous* problem with your proposal — no way for the army of privacy “consultants” to profit from it! They need a very expensive system to be adopted, one with ongoing maintenance and compliance costs to keep them employed. Your system is just too inexpensive and simplistic to be adopted, sorry!
Jean Guillon says
Yep…I also wonder if result is an objective with the GDRP…
Josh says
You know what your problem is Andrew? Common sense lol I agree an opt in option should be sufficient and as stated you need to take personal responsibility, the government is not able to protect everyone nor should they even intervene at times but that is a different topic 😉
JZ says
Perfect. Now if only they would listen!
tripeee says
This idea has been discussed by registries and registrars for months but in an opt out model.
Everyone gets Whois privacy and then you need to opt out if you want your details displayed
Volker Greimann says
Not even closely compliant. For starters, that form of censent is likely invalid. But GDPR also applies for non-european registrants with any registrars that process data in Europe. Yes, that includes Godaddy!
And what about additional contacts the registrant provides for his registration? Did they provide valid consent?
Please do your homework and read the excellent ECO Cookbook to understand the full extent of the issue.
Andrew Allemann says
I think you missed the sarcasm and the point I was trying to make in my post.
Bob says
Actually Andrew I think Volker was also being sarcastic 🙂
Andrew Allemann says
Sarcasm is so hard to get across in written form between people that don’t know each other 🙂
Bob says
Volker is nearly 7 feet tall and German so we’re never sure whether he’s sarcastic or not, we just try not to make him angry.
Laurent Callens says
Or “just” replace whois by a contact form on all TLDs. This would involve to also review all transfers procedures to remove FOA and create a central agency allowed to request registrant details to each registrar in case of credible dispute.
Rubens Kuhl says
To solve GDPR, USA will pass a law forbidding the existence of the EU. When EU does not comply, USA will bomb Europe. Problem solved.
Andrew Allemann says
In all seriousness, don’t be surprised if the U.S. passes a law mandating public Whois, setting up a showdown.
Rubens Kuhl says
Such a showdown would only give the entire European market to European contracted parties. US registries can already do exactly that on their own if they don’t care about the European market.
Andrew Allemann says
Right now the easy thing for registrars to do is just black out Whois. If the U.S. passes a law about U.S. residents then they can no longer take this “easy” way out.
Acro says
ICANN lost 99% of its spine when the US relinquished control over it. It now lost the remaining 1%.
Michael Anthony Castello says
This article is timely. Yesterday, I had this conversation with Zak Muscovitch, ICA Interim Counsel.
A suggestion for domain owners; ICA may want to urge them to create a whois.txt file. I am doing so with my domain names. My reasoning is that most of the registrars are forcing potential buyers to intermingle with their business models. Thus encumbering the dissemination of information and setting up roadblocks or detours for buyers looking to contact potential sellers. Since I am the domain owner, I can place a “whois information” link at the bottom of my home pages which places the power of that information back to the owner: https://www.daycare.com/whois.txt
The European Whois policy GDPR, while trying to protect personal information, in many ways limits those domain owners that may want that information available to the public for a variety of reasons. Whois.txt should be propagated and domain owners should take responsibility for their contact information. It is another means by which domain owners can flex their independent muscle in the use of their names.
Frank Schilling says
A version of this is what Uniregistry is doing.. Whois Privacy is free at Uniregistry.
Jane Doe says
Just provide an opt-out option
Dheerthan says
Jokes apart, Why don’t we simply let the domain owner decide? Those who opt-out of privacy may want to share the details, so let them. Other might want to protect their personal data, so be it.
In my experience, WHOIS has been both useful and trouble. There are instances where proxy email IDs and address where used for registration. If domain owners can be authenticated and made accountable, the web would be a better place. Imagine, if search engines could filter out websites involved in illegal and criminal activities but hiding behind anonymity.
Privacy is good for both superheros and villains alike. We should leverage crowd sourcing or blockhain or some kind of authority to pull out records of those who misuse the privacy provided.