GDPR walloped the domain industry in 2018.
[Editor’s note: this is the first in a series of articles covering the top stories of 2018. Many of the top posts this year are related, so I combined them into the top themes of the year.]
The top story of the year in the domain name business was GDPR. That’s short for General Data Protection Regulation, a new European Union law that took effect in May.
GDPR deals with privacy and data handling. Its most visible impact on the domain name industry is Whois. The law doesn’t directly address Whois information but many parties have interpreted it to mean that registrars and registries should not display personal information about domain name owners such as their name, address and phone number.
ICANN passed a temporary specification that allowed registrars to mask Whois information. Many registrars have taken this to the extreme, blocking all information from Whois other than dates and nameservers. No name. No email. No location.
Most registrars are still collecting this data. EPAG, a Tucows registrar, informed ICANN that it planned to stop collecting some information such as the non-registrant contacts (e.g. technical contacts). ICANN sued in German court to get an injunction, but the courts denied its claims. The lawsuit wasn’t particularly adversarial; while both parties think they’re right, what they really want is clarity on how GDPR will be interpreted.
GDPR applies to companies outside the EU but not to the personal information of non-EU citizens and residents, nor to businesses. Even though it doesn’t protect an American citizen in Texas, many registrars have treated all Whois records the same.
That’s not the case with the biggest registrar, however. GoDaddy (NYSE: GDDY) still displays information for non-EU customers. It displays it only on web-based Whois and not on Port 43, which is used for bulk and automated Whois lookups.
There are many practical implications of Whois going dark for many domains. For example, the old method of transferring a domain required the winning registrar to send an email to the domain registrant listed in Whois. That’s impossible when that information is obscured, so a workaround was created.
It has also caused problems in the aftermarket. Marketplaces have implemented various procedures to verify domain ownership. Escrow companies have had to wait for confirmation that a domain is transferred. Buyers have less visibility into a domain’s chain of ownership. And UDRP providers have modified their workflow to account for Complainants filing cases against unknown parties. (Information in Whois is sometimes used to prove/disprove rights or legitimate interests in domains.)
There’s a big battle going on now to determine the future of Whois. Will Whois data slim down? Can certain parties get access to non-public data? Stay tuned.
We always pay the righteous for the sinners, I am also tired of the GDPR.
I’m a domainer and I’ve lost premium domain sales because of these EU rules which were made by the Facebook issue when selling this social network personal data of many of us and other people, from this fact Facebook for me is not the same.
Now we and I include myself, we have this problem. With the Whois, and the EU does not give up since those who write this GDPR do not make it clear from the beginning that it would affect other licit activities and we do not sell personal data of anybody in particular.
I believe that a major Domainer in the domain market, will write a letter to the EU on this Whois issue and others that can harm us and all sign this letter which should be delivered by a group of domainers from several countries affected by Whois, among others.
Happy Day. Jose.
I am located in UK and so fall under GDPR. Fortunately most of my domains are with Epik and a personal support ticket to them resulted in them doing a batch update to my profile to re-enable my WHOIS details. What a cheek the EU have in assuming I’d want my WHOIS details obfuscated without asking my permission…
With no WHOIS the Registry operators must make abuse contacts available!
.win operated by Pricewaterhousecoopers Ltd. Edgar Charles Andrew Lavarello does not have nic pages live. No abuse contacts can be found.
https://www.iana.org/domains/root/db/win.html
winners and losers under GDPR?
Winners: In the short run, ICANN registrars who implemented GDPR, since premium domain names will not be sold or transferred out to other registrars, due to the sales of those domains and they become auction candidates in the event the registrant forgot to renew or couldn’t afford to renew and expires.
All interested parties will reach for the registrar not the registrant if they need any information regarding the domain name.
Losers: All of us. Investors will not invest in domain names, domainers cannot verify domain information and accordingly the number of domain names registered or renewed would decline, considering that 70% of the domain names registered are not in use. I hope that something would happen that registrars would at least give the opportunity to those who want to opt in GDPR, to do so, before it is too late.
barak: all the TLDs managed by PWC Pricewaterhousecoopers have had registry websites down for over a week now and no one is responding
if you need to report abuse maybe #PWC and #icann on twitter.
http://nic.win
http://nic.loan
http://nic.trade
all down!