The General Data Protection Regulation (GDPR) will come into effect next month. One of the measures proposed by the new regulation and which should be implemented is its limitation baseof WHOIS data, which is of great concern to anti-piracy groups, who report that their work will become much more difficult.
Ο General Data Protection Regulation (GDPR) is a regulation that aims to protect EU citizens from breaches of privacy. The regulation will apply to all companies that process personal data of people residing in European Union, regardless of the place where the company.
Sanctions for non-compliance can be very serious. Although there is a tiered approach depending on the gravity of the infringement, fines of up to 4% of the annual turnover or 20 million, whichever is the higher, may be imposed.
Among the companies affected are domain name providers and registrars that publish the personal information of domain owners in the public WHOIS database. On the base is written the name, η διεύθυνση, οι αριθμοί τηλεφώνου και οι διευθύνσεις ηλεκτρονικού ταχυδρομείου του ατόμου ή του οργανισμού που διαθέτει κάποιο domain name, και συχνά οι πληροφορίες αυτές είναι ελεύθερες στο διαnetwork.
This creates a very serious issue. Domain registrants are required to publish the data in the WHOIS database of the global ICANN authority, which is in conflict with the requirements of the upcoming GDPR.
Such as explained in detail by EFF, ICANN is currently trying to resolve this conflict. The proposed temporary GDPR compliance model (PDF) predicts that registrars will continue to collect data for the WHOIS database but should not necessarily publish it, "allowing [in this way] the retention of data while continuing community discussions about the next generation of WHOIS."
But the proposed changes will inevitably restrict free access to WHOIS information, something that does not appeal to too many organizations and especially to entertainment industry groups such as MPAA, IFPI, RIAA and the Copyright Alliance Alliance).
In a letter to European Commission Vice-President Andrus Ansip, these groups and dozens of others warn that limited access to WHOIS will have serious implications for their ability to protect their intellectual property rights against "cybercriminals".
The letter is signed by 50 organizations dealing with intellectual property protection and expresses concern that ICANN's compliance with GDPR should take due account of proportionality, accountability and transparency.
"We firmly believe that this model does not properly take into account critical public and legitimate interests served by maintaining a sufficient amount of data that will be available to the public, while respecting the interests of registration companies with the introduction of a scalable system. of the personal data defined by the GDPR ", the groups report.
We firmly believe that the continuity of public domain e-mail availability of a domain owner, namely the email address given to the registrar when buying the domain that requires validation, is critical for a number of reasons.
EFF, on the other hand, states that the ability to communicate with a domain owner does not require the e-mail address to be disclosed.
"There are other cases in which it makes sense to allow citizens to contact the owner of a domain without requiring a court decision," the EFF writes.
But this could be achieved very simply if ICANN had a simple CAPTCHA-protected communication form that would provide the information it needed without publishing the owner's e-mail address.
What is happening with the WHOIS database on May 25 is unknown to anyone. In October of 2017, ICANN finally figured out that it would be affected by GDPR, which means that only by the end of 2017 it tries to make the conversions it needs to prevent 25 in May.
