Government is looking into Article 49 exceptions of GDPR.
David Redl, who runs the U.S. government’s National Telecommunications and Information Administration (NTIA), has repeatedly spoken against GDPR’s potential effects on Whois. Yesterday, at a meeting of National Security Telecommunications Advisory Committee (NSTAC), he gave further remarks about the issue and what the U.S. government is currently doing about it:
And so far, the EU’s guidance issued for implementing the GDPR is vague and insufficient. American companies and the U.S. government do not have an adequate basis on which to comply with the law.
We are seeking a broader interpretation of Article 49 of the GDPR, which provides exemptions for data transfers that are necessary for “important reasons of public interest.” This would not only address our concerns with regard to WHOIS, but would also address the potential interruption of U.S.-EU cooperation in many other public interest areas.
Absent a broader interpretation of Article 49, a short-term moratorium on GDPR enforcement with regard to WHOIS may be necessary. If not, then come May 25, we anticipate registries and registrars will stop providing access to WHOIS directories and services. The loss of access to WHOIS information will negatively affect law enforcement of cybercrimes, cybersecurity, and intellectual property rights protection activities globally. To all of you who know the importance of these issues, I ask that you make your voices heard.