Public Whois Registry Likely to be Affected by GDPR

The EU GDPR Law will have a significant impact on the businesses that process and manage EU citizens’ data. WHOIS is a member of Domain Name sector that is likely to be affected by the new data protection legislation. The introduction of these new laws will be a delicate process for companies as they work to comply with the guidelines from the European Union and the ICANN.

WHOIS supplies a database where internet users to find domain name registrants. The registry’s future is under threat due to the introduction of new GDPR regulations. The new law will impact the work of WHOIS and alter its delivery, privacy and proxy services. As GDPR concerns privacy and data protection, it will affect the kind of information that registrars gather about their consumers as well as the people or bodies they share such data with.

When the EU’s GDPR comes into action, bodies that do business with ICANN will have to alter their processes. These types of company include escrow firms, registries, and registrars. For example, it is not clear whether the European registrars will restrict the Whois information or cut it altogether. Privacy and proxy services are highly likely to be affected by the new GDPR regulations.

ICANN will feel the the effects of EU privacy law because it operates as a data controller. It is not yet clear if ICANN will require the European registries to complete Registry Service Evaluation Process (RSEP) to achieve compliance status. At present, all the operators of gTLD are obligated to comply with the RSEP when requesting for new registry serviceS. When GDPR comes into effect, such arrangements may need to change and affect the entire processes of requesting new registry services.

The manner in which registrars and registries conduct their business largely does not comply with the law. WHOIS is a threat to the securing of the individuals’ personal privacy. Public distribution of identifiers and other particulars of domain owners normally encourage commercial exploitation of information without the users’ permission. Under GDPR this is illegal and calls for severe sanctions. The regulation may require a restructuring of the registry to make it difficult for other companies who steal identities and do business with them. The new EU legislation is definitely going to have a major impact on the WHOIS registry.

Link copied to clipboard
Photo of author

Posted by

Emma Taylor

Emma Taylor is the contributing editor of Defensorum. Emma started on Defensorum as a news writer in 2017 and was promoted to editor in 2022. Emma has written and edited several hundred articles related to IT security and has developed a deep understanding of the sector. You can follow Emma on and contact Emma at