Blog details



Our blog editor Vasiliki Antoniadou explores how GDPR will affect WHOIS.

Although GDPR is widely anticipated due to the strengthening of the individuals’ rights on their personal data, it is believed by some that its implementation on WHOIS would cause unintentional adverse consequences on the online intellectual property protection.

GDPR WHOIS implications

WHOIS is an ICANN’s  tool that identifies who is responsible for a domain name or an IP address by providing contact information such as name, email address, mailing address and phone number. WHOIS is extensively used in the enforcement of Intellectual Property rights and particularly trademarks against infringing websites. However, under the new GDPR it became clear that information of this nature that belongs to individuals should not be publicly available without consent.

Interim Model and WP29 reaction

After ICANN realised that it was not exempted by the data protection rules, it invited stakeholders to submit suggestions for a workable model. The possible compliance models which were created through this process included among others the adoption of anonymous addresses as opposed to specific contact details. The article 29 Working Party considered the proposed models of ICANN as a positive first attempt but not sufficiently compliant with GDPR.

What happens after May 25th 2018?

ICANN requested an at least one year extension of the enforcement deadline which was not provided by WP29. The lack of a workable model has lead a lot to fear that in May 25th 2018 WHOIS will adopt a blackout solution in order to avoid the stiff fines of up to 20 million euros or 4% of annual turnover. Until the implementation of a compliance model all currently available information, regardless if they belong to individuals or legal entities, will be placed behind a “wall” which will prevent access to the public.

Do you require assistance preparing your online business for GDPR and manage your data protection obligations once GDPR becomes applicable? Aphaia provides both GDPR adaptation consultancy services and Data Protection Officer outsourcing.

Prev post
GDPR deadline and GDPR compliance snake oil
May 7, 2018
Next post
GDPR and social media : EU Court on fan pages on Facebook
June 18, 2018

Leave a Comment