Its board of directors Internet Corporation for Assigned Names and Numbers (ICANN) is reportedly running and not reaching. In the days left until application of the GDPR will have to find a way to convert the WHOIS tool, the main database that lists who owns domain names, to comply with the European Union's General Data Protection Regulation.
ICANN had asked for a year of grace to deal with the problems in the WHOIS data collection, but apparently did not succeed.
If there is no moratorium, we will no longer be able to WH maintain WHOIS. Without resolving these issues, the WHOIS system will be fragmented… A fragmented WHOIS will no longer be able to use a common framework for general top-level domain registration (gTLD) services.
This is bad…
Domain registration companies will be responsible and will have penalties from GDPR up to 20 million euros or 4% of the annual turnover, which may exceed 20 millions. them – whichever is greater. Another nasty side effect for domain registrars is that many of them now charge extra to keep domain owner information private. However, with the implementation of the GDPR for the protection of privacy, there will be no need for this service.
The GDPR will treat WHOIS as another set of data and not as an integral part of how the internet works, which is incredibly short-sighted.
Η intelligence expert Angela Gunn states: “Security researchers, researchers, webmasters, and ordinary people alike will pay dearly for hiding.
Or, as Cherine Chalaby, Chairman of the Board of ICANN, stated, “WHOIS is an important system and its maintenance allows us to have a key tool in the ongoing fight against cybercrime against malicious agents. The proposed model aims to prevent the fragmentation of WHOIS and to ensure that WHOIS will continue to be available. ICANN's role in providing technical coordination to the global WHOIS is a unique issue of a public interest nature. "
So what is the problem? Site registries still collect the data new registrations as they have always done. The data includes registration information, contact details of the domain owner as well as the technical support team/responsible. Most personal data will not be publicly available and if someone needs it, they will be able to access it through the providers. This can be done through an anonymous online form.
This creates a very serious issue. Domain registrants are required to publish the data in the WHOIS database of the global ICANN authority, which is in conflict with the requirements of the upcoming GDPR.
ICANN could not find a way to provide "reasonable access" to this data to third parties with "legitimate interests".
So many questions seem to remain, while the clock still spinning. Whether ICANN is ready or not, GDPR will take effect on May 25, 2018.