GDPR AND WHOIS

GDPR and WHOIS

The GDPR directly impacts the domain name system, most notability the WHOIS service and data that is collected, escrowed, transferred and displayed via public WHOIS by ICANN's contracted parties (Registries and Registrars). In light of the uncertainty around the implications of GDPR on WHOIS, ICANN announced in February 2018 that it would defer action against registries and registrars for noncompliance related to registration data, as long as it shares its model with ICANN Contractual Compliance and the Global Domains Division.^[1]

Processes

GDPR enforcement beings 25 May 2018 and there are several processes underway that are either impacted by or in response to the EU Regulation.

Next-Generation gTLD Registration Directory Service (RDS) to replace WHOIS (Next-Gen RDS) PDP

The Next Generation gTLD RDS to Replace WHOIS PDP Working Group was formed in November 2015 to define the purpose of collecting, maintaining and providing access to gTLD registration data, and to consider safeguards for protecting data, using the recommendations in the EWG's Final Report as an input to, and, if appropriate, as the foundation for a new gTLD policy.

Despite years of work on the WHOIS reform, the opportunity for

The "Cookbook"

On 8 March 2018, the ICANN Organization released its "Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation,"^[2] (or The Cookbook) including a description of the interim model, as well as explanation and rationale for its plan. The Cookbook also provides open question about several elements, seeking guidance from the community and DPAs.^[3]

Calzone Model

Accreditation Model

References