ICANN will have a month to stop exposing private registrant data in their public whois, thanks to GDPR.
The Whois public database of domain name registration details is dead.
In a letter [PDF] sent this week to DNS overseer ICANN, Europe’s data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.
It’s one of those “big if true” moment but i guess the fact that approximately 700 million people live in EU, should make ICANN pretty much have to follow this or, i don’t know, retroactively drop EU citizens access to their .com domain names, like what EU plans to do to UK citizens after Brexit?
Yeah, don’t think so. If this comes to fruition and ICANN really fully shutdown the current whois service and turns it into an opt-in, consent-based system, it’s a pretty fundamental change that will require a huge amount of work from all the sides involved, and a month deadline is rather tight. With how the current model of ICANN verification works, the weather forecast is cloudy with a side of PANIC felt by end users who suddenly see their domain suspended after not properly responding to the consent request.
I wouldn’t say that it’s not a welcome change though. Seeing how increasingly bad the abuse that a domain owner can receive after having their private data exposed through whois, this would add some level of hassle to the automation in spammers data collecting process, as well as killing the privacy as a service model of domain privacy, which in my opinion should be a shady remnants of the past.
Still, probably a good idea to read the opinions of people who are against this, such as this write up by Brian Krebs.