GDPR And Domain Names - What You Need To Know

If you received an influx of updated privacy policy notice emails at the end of May 2018, that might've been the first time you heard of GDPR, which stands for General Data Protection Regulation. Taking effect on May 25, 2018, this regulation has wide ramifications for not only the entire world, but also the entire Internet.

Today, I'm going to discuss GDPR's impact on the domain name system and WHOIS details.

WHOIS has been a hallmark of the Internet, dating back to the original ARPANET in 1982. This system allows anyone to view the owner of a domain name, such as ihostingx.com. This is important to global commerce for a number of reasons:

• You can identify with whom you are conducting business
• You can sometimes identify whether or not one entity is owned by another
• You can find alternative contact information for a hard to reach individual or company
• You can determine the owner of a domain that you would like to purchase so you can reach out and make an offer

Towards the end of May 2018, ICANN, the Internet Corporation for Assigned Names and Numbers that manages the worldwide WHOIS system, recognized that the EU was not going to grant a requested extension for GDPR compliance. ICANN had requested this extension multiple times so that they could develop a fully-compliant solution that at the same time was not disruptive of commerce.

That didn't happen.

So what are the ramifications?

Well, for starters, most domain registrars have decided to hide all WHOIS details for all domains - whether or not the registrants reside, or are headquartered within, the European Union. This impacts consumers in two ways:

1. It decreases, essentially to zero, the fees that registrars collected for "domain privacy service" to replace WHOIS info with privacy forwarding information that protected the identity of the domain owner but still facilitated contact. These fees were an important source of revenue that helped to offset the cost of other products, such as domains themselves and even Web hosting plans. All of these things are likely to become more expensive over the next 12 months as companies' costs certainly have not suddenly and magically decreased.
   
   
2. It is now exponentially harder, particularly for an individual or small-time operator, to access the resources necessary to determine a domain name's owner. This has ramifications for those who like to buy domains, but even more serious ramifications for those who are defrauded or even just given poor service on the Internet. This change makes it significantly easier for fraudsters to prey upon individuals and even businesses, leading to real financial losses.

While it is likely that ICANN and domain registrars will eventually find a workable solution to this problem (our hats' off to GoDaddy for blocking WHOIS details only of those who reside in the EU), in the interim year or two, it is easy to see how this change creates problems. The EU was very well-intentioned with the passage and introduction of this new regulation. Now, here's hoping they take a second pass and help clean up the mess being left in its wake.

As always, if you have questions or would like more details on GDPR and its impact on the domain name system, I am happy to converse via email. Reach out to me any time!