Slashdot Mirror


Will GDPR Kill WHOIS? (theregister.co.uk)

Slashdot reader monkeyzoo shares the Register's report on a disturbing letter sent to ICANN: Europe's data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force... ICANN now has a little over a month to come up with a replacement to the decades-old service that covers millions of domain names and lists the personal contact details of domain registrants, including their name, email and telephone number. ICANN has already acknowledged it has no chance of doing so... The company warns that without being granted a special temporary exemption from the law, the system will fracture. ["Registries and registrars would likely implement varying levels of access to data depending on their interpretations of the law," ICANN warns.]
"ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law," writes the Register. "But its entire strategy was built on a fantasy."

Thursday the EU's data protection advisory group told the site that there's no provision in the GDPR for an "enforcement moratorium", and the Register adds that the EU's data protection advisory group "is clearly baffled by ICANN's repeated requests for something that doesn't exist."

2 of 215 comments (clear)

  1. Please, I'm Special! by Artagel · · Score: 5, Insightful

    Well, this is one in a long line of people applying for exemptions to laws because they are special. The usual answer is, no, you are not special. It isn't for the administrative apparatus to get rid of the law it administers, it is for the political body responsible for the measure to pass a corrective measure.

    Presumably one would have to contact domain name holders through their registrars without knowing who the registrant is. The system is not transparent, but it is private.

  2. Re:The Internet needs WHOIS records today by Zocalo · · Score: 5, Insightful

    They've had two years since the GDPR was signed to law to prepare, and arguably *ten* years since the working group tasked with creating the GDPR first started outlining what they were going to propose to assess the likely impacts. ICANN have had plenty of time to "adjust" - and that other WHOIS providers around the world have adjusted is evidence of that - but chose to stick their head in the sand and claim it had nothing to do with them then, when it became obvious that was incorrect, to rely on something even their own legal counsel and contracted registrars told them was not going to fly. GDPR might be a vague legal quagmire for those that have to comply with it, but this, and the contractual mess it creates for their contracted registrars, is entirely down to ICANN's mismangement of the situation.

    --
    UNIX? They're not even circumcised! Savages!