The End Of WHOIS As We Know It

WHOIS is lining up to be the first victim of the General Data Protection Regulation (GDPR). It may soon be no more.

The Internet Corporation for the Assigned Names and Numbers (ICANN) is the international non-profit organization charged with defining rules that regulate domain registrations. ICANN requires registrars (like the Verisign’s and GoDaddy’s of the world) to transfer registrant contact information, like the registrant’s name, address, and email address, for entry into the publicly available WHOIS database. Failure of a registrar to provide this information could result in the registar losing ICANN accreditation.

Now enter the GDPR which becomes effective on May 25, 2018. The GDPR governs the collection of personal information within the EU and of information of EU residents that is collected outside of the EU, The GDPR has broad coverage, to say the least. The GDPR attempts to unify data protection rules among all EU member countries. The GDPR even governs personal information that is publicly available and provided voluntarily. Valid consent to collect information must be given in a manner dictated by the GDPR, and provisions in online terms will not suffice. Domain registration procedures do not obtain valid consent required by the GDPR.

Potential fines for violations of the GDPR put fear in the hearts of very privacy profession – up to the greater of €20 million or 4% of a company’s global revenue!

When weighing potential massive fines for violating the GDPR and a loss of certification from ICANN from failing to transfer the registrant data to the WHOIS database, registrars are likely to risk the ICANN consequences – and ICANN recognizes the predicament. As a matter of fact, registrars have already begun refusing to transfer the data.

ICANN has already received notice from an EU representative indicating that the WHOIS database does not comply with the GDPR requirements. The notice proposed alternative approaches that are probably prohibitively expensive for many registrars to implement. See here for a memo commissioned by ICANN from an outside law firm – it does not offer ICANN realistic options.

What Now?

It sounds like the WHOIS database’s days are numbered. What’s the downside? Identifying and contacting domain name registrants will become much more difficult. This can impact those seeking to acquire a domain name, or those seeking to enforce cybersquatter and trademark laws. Additionally, WHOIS is the best way to locate contact and server information when seeking to send a DMCA takedown notice for content that infringes a third party’s copyright. The WHOIS information is regularly used regularly by law enforcement.  Also, in order to file a complaint under the Uniform Dispute Resolution Policy (UDRP), you must use the WHOIS contact information – so that procedure will need to be modified.

The writing is on the wall. Access to WHOIS data is going to become much more restricted for data of EU citizens.


William S. Galkin
William S. Galkin
Mr. Galkin has dedicated his legal practice to representing Internet, e-commerce, computer technology and new media businesses across the U.S. and around the world. He serves as a trusted adviser to both startup and multinational corporations on their core commercial transactions including corporate formation and transitions, intellectual property, technology licensing and transfer, regulatory compliance, and agreements for online businesses. His broad experience gained during more than 20 years in practice allows him to provide cutting-edge, creative and efficient solutions to complex problems. Mr. Galkin has been an Adjunct Professor of Computer Law at the University of Maryland School of Law and Adjunct Professor of Business Law at the Merrick School of Business at the University of Baltimore, as well as the Chairperson of a panel on Crimes in Cyberspace for the 19th National Information Systems Security Conference (Sponsored by the National Security Agency). Mr. Galkin also authored the Maryland Intellectual Property and Technology Transactions Forms and Practice Manual, published by Data Trace Publishing. Mr. Galkin is also a member of Schwell Wimpfheimer & Associates LLP, with responsibility for technology transactions, which affiliation allows Mr. Galkin to provide a broad array of legal services to his clients. Additionally, he serves as Of Counsel to the Information Technology Group of one of the largest Israeli law firms, managing many U.S. transactions for the firm’s clients.

SOLD OUT! JOIN OUR WAITING LIST! It's not a virtual event. It's not a conference. It's not a seminar, a meeting, or a symposium. It's not about attracting a big crowd. It's not about making a profit, but rather about making a real difference. LEARN MORE HERE