Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will GDPR Kill WHOIS? (theregister.co.uk)

Posted by EditorDavid on from the Yes-ICANN dept.

Slashdot reader monkeyzoo shares the Register's report on a disturbing letter sent to ICANN: Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force... ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number. ICANN has already acknowledged it has no chance of doing so... The company warns that without being granted a special temporary exemption from the law, the system will fracture. ["Registries and registrars would likely implement varying levels of access to data depending on their interpretations of the law," ICANN warns.]
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."

Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."

3 of 215 comments (clear)

  1. Re:and GDPR is? by AmiMoJo · · Score: 5, Informative

    The General Data Protection Regulation is a new set of rules governing the use of personal data in the EU. Among other things, it doesn't allow personal data to be shared without good reason, and ICANN makes names, addresses and other contact details available in the WhoIs database.

    These rules have been on the horizon for years. It's not like they were suddenly announced yesterday. ICANN has had a long, long time to find a solution.

    In any case, the system has been broken for decades anyway, because a lot of domains are registered behind privacy shield services, where a company registers the domain on behalf of their customer without revealing that person's information.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Re:and GDPR is? by monkeyzoo · · Score: 5, Informative

    As the "submitter" I have to agree. The summary published actually doesn't contain anything I submitted, nor did I submit anything that it contains. So I guess they editorialized it extensively, which is fine. But it still bears my name, which is weird.

  3. Re:and GDPR is? by monkeyzoo · · Score: 5, Informative

    Importantly, Slashdot's editors failed, IMO, to maintain a key point in this submission, that ICANN has been basically negligent and delusional in ignoring this pending law and failing to take any action in the TWO YEARS since the law was passed. And then at the last minute they asked for a moratorium and said otherwise they won't be able to adhere to the law. If you read the many months worth of coverage that The Register has published on this, it is a mindblowing story of incompetence and irresponsibility by ICANN. (Read the Register link in the OP, and the related articles will guide you.)

    Submitted:

    In a letter sent to DNS overseer ICANN, Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.

    ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number.

    ICANN has already acknowledged it has no chance of doing so. The company warns that without being granted a special temporary exemption from the law, the system will fracture, perhaps even resulting in the Whois service being turned off completely while a replacement was developed.

    Critics point out that ICANN has largely brought these problems on itself, having ignored official warnings from the Article 29 Working Party for nearly a decade, and only taking the GDPR requirements seriously six months ago when there has been a clear two-year lead time.

    European agencies responded and tore ICANN's plan to shreds, pointing out that it needs to be much more precise and to include both compliance and auditing functions. Critically, however, it did not address ICANN's request for a moratorium.

    Even the idea of a moratorium appears to have been invented by ICANN. This is no evidence of a similar request from any other industry, and the GDPR is, after all, a globally applicable law that affects everyone.

    ---
    ICANN gives domain souks permission to tell it the answer to Whois privacy law debacle
    https://www.theregister.co.uk/...

    As GDPR draws close, ICANN suggests 12 conflicting ways to cure domain privacy pains
    https://www.theregister.co.uk/...

    Whois is dead as Europe hands DNS overlord ICANN its arse
    https://www.theregister.co.uk/...

    US government weighs in on GDPR-Whois debacle, orders ICANN to go probe GoDaddy
    https://www.theregister.co.uk/...

    ICANN takes Whois begging bowl to Europe, comes back empty
    https://www.theregister.co.uk/...

    Europe fires back at ICANN's delusional plan to overhaul Whois for GDPR by next, er, year
    https://www.theregister.co.uk/...

    https://www.icann.org/en/syste...

    https://www.icann.org/news/ann...