The effects of the General Data Protection Regulation of the European Union on the WHOIS data base

The effects of the General Data Protection Regulation of the European Union on the WHOIS data base

In May 25, 2018, the European General Data Protection Regulation (GDPR) will enter into force and replace the European Data Protection Directive 95/46/EC. The later is currently the applicable law that harmonizes data privacy laws in the European Union.  Consumers are more and more concerned with the privacy of their data. With the constant evolution of technology, and the increase in the quantity of data collected, the 1995 Directive had to be updated to adapt. One of the changes concerns WHOIS databases. Indeed, the GDPR provides new standards concerning the way WHOISes work.

The WHOIS database contains the name and contact details of the registrant of a domain name. Currently, ICANN is looking to replace the WHOIS system with the Registration Directory Service (RDS). There are service providers, such as the IPzen Team, which can help you understand how to use the WHOIS or RDS. Such change will lead to different approaches regarding data storage and publication. On the one hand, judicial authorities and intellectual property practitioners try to have better access to data in order to act against cybercrimes, on the other hand privacy and data protection groups would rather obtain more restrictions on access and storage of data to protect the privacy of web

However, as of next May, the GDPR will set the standards regarding those issues. To do so, it imposes obligations upon businesses, registrars and registries. There is a concern that the standards within the next generation gTLD Registration Directory Service and in the GDPR won’t be compatible. Indeed, if a registrar or a registry complies with the new standards prescribed by ICANN, they might be in breach of the GDPR. WHOISes operated by registrars and registries will probably have to be handled differently. In front of the changes, a service provider can be of help to navigate through both the WHOIS and the RDS. But, should they follow the new provisions established by ICANN or by the GDPR? Both set sanctions in the event of a breach of their standards. The ones provided by the GDPR appear to be higher fines than the sanctions set by ICANN. Some registrars and registries have concluded that a breach of the next generation gTLD RDS is preferable than one of the GDPR.

ICANN discussed the matter at the Johannesburg meeting where it was decided to create an ad hoc group to determine how WHOIS are used. The aim is to collect what they call “user stories” to assess the degree of compliance with the GDPR. Thanks to it, ICANN will be able to align its RDS policy to the RGPD to facilitate the work of registrars and registries, which operate WHOIS databases.

Hopefully, a solution will have been found by May 2018. Otherwise, registrars and registries will have trouble complying with both the GDPR and the RDS. IPzen, a cloud-based software for intellectual property rights management, can help you with any issues that may arise regarding domain names. We provide assistance in uncovering domain name registrants’ identities. With the information obtained and in order to cease the violation of your rights, the IPzen Team helps you through an alternative dispute resolution action and then makes sure the transfer has gone through. IPzen also assists with registration or renewal of your domain names.