At this stage, articles about GDPR are like Swedish summer flies; they probably (but not definitely) serve a purpose, nobody likes them and yet they are everywhere.
However, the other day we posted an article about the implications of GDPR on the WHOIS. The WHOIS is basically the public information about a domain name, including (but not limited to) owner information, contact information, name servers, current registrar and more. In short, GDPR will affect most top-level domains (i.e. .COM, .SE, .NET, .DE and so on). In most cases the public information accessible in the WHOIS will be drastically reduced, and in some cases even completely hidden from public eye.
ICANN, the body governing gTLD registration data (gTLD being a “generic” top-level domain, such as .COM, .NET and .ORG), has published a “Temporary Specification” that stipulates how contracted parties should treat WHOIS going forward. This temporary solution drastically reduces the public information in the WHOIS to only include Registrant organization (if provided), State/Province and Country. The specification will most likely be updated, tweaked and reformulated several times until May of 2019, when a permanent solution is to be formulated.
However, as we concluded in our earlier article, GDPR will have a real impact on the WHOIS, on the short term and most likely on the long term. Something that right now is sending ripples through the industry.
Most people involved in domain names, both at the supplier side (like yours truly) as well as on the client side, are probably feeling like their hands are tied right now.
Working with domain names, you are literally dealing with something that is intangible. Even though many find it hard to admit, there is often a sense of uncertainty with intangible things and consequently a need to have means of validating and make sure all is as it as it should be. The WHOIS is an objective and “true” statement on the current state of things. Wondering which registrar handles your specific domain name? Check the WHOIS. Wondering if the owner transfer of that .COM domain name you acquired for the launch of your new brand has been completed? Check the WHOIS. Wondering which person in your organisation that registered that .SE domain name once upon a time, and where it is administered today? Check the… Well, you get the idea.
With the loss of the “full” WHOIS, there is no more security blanket. Being able to do an external verification on the ownership, contact details and/or registrar on a specific domain name will now (depending on the top-level domain) be everything from hard to damn near impossible for most people.
Up until now, many organisations, large and small, have depended heavily on the WHOIS. A common scenario is that the responsibility of an organisation’s domain names is placed on someone in the IT-department that does not see the need to consolidate the domain name portfolio with one provider. Instead, the WHOIS of the domain names has been the thing that has been used to try to control the domain names that during the years have been scattered across different providers, with different contact/invoice details.
In some cases, that has worked without any business critical consequences. In other cases, it has not.
Looking at how the discussions are going, there is a likely possibility of a “layered” structure when it comes to accessing the full information in the WHOIS. This will potentially enable ICANN-accredited registrars and IP-firms involved in online brand protection to have access to more information, provided they have a “legitimate” interest.
If this is the case, the result will be a division where some parties are on the inside, and the rest on the outside.
From our perspective as a domain name registrar, being on the “inside” will greatly facilitate everything from being able to transfer domain names, carrying out domain name investigations, sending cease-and-desist letters and carrying out domain name disputes.
From a domain owner perspective, the need for consolidating domain names with an ICANN-accredited provider, preferably one involved in intellectual property management and/or online brand protection, has never been greater.