Epik announced today important account changes related to European Union GDPR Compliance.
Beginning on May 25, whois details for EU customers will all be masked using Anonymize that is the free whois privacy offered by Epik to all its customers. Domains that are already registered at Epik to non-EU customers will not be modified.
For both EU and non-EU customers, new registrations and inbound transfers will have Anonymize turned ON by default.
If you are an EU citizen and wish your contact details to be displayed in public whois searches, then simply send an email to support@Epik.com requesting to opt in. (GDPR now requires us to obtain explicit consent.) I suggest that you do this today if you want to avoid any WHOIS interruption.
Epik will be locking all currently unlocked domains because from tomorrow domain transfers will not require a confirmation email from the registrant. Once unlocked, domains will re-lock automatically after a time.
Here are all the changes Epik announced today:
Companies and websites around the world are preparing to comply with the European General Data Protection Regulation (GDPR). This law restricts the way personal data is gathered, used, shared, and tracked. The goal is to guarantee privacy as a fundamental right. Even if you are not an EU citizen, you may see changes as providers adapt.
GDPR will affect domain names in two primary ways:
(1) WHOIS Data
Contact information associated with domain names is stored in a public “whois” database. All registrars are required by ICANN to do this. (For example: whois.epik.com.) However, GDPR now requires that personal information of EU citizens be hidden by default.
Fortunately for our customers, Epik already offers free whois privacy – known as “Anonymize”. (Other registrars charge about $10-20 per year per domain!) Our solution is as follows:
– Beginning on May 25, whois details for EU customers will all be masked using Anonymize.
– Domains that are already registered at Epik to non-EU customers will not be modified.
– For both EU and non-EU customers, new registrations and inbound transfers will have Anonymize turned ON by default.
– Whois profiles that have been stored as templates will also be adjusted so that Anonymize is turned ON.
Of course, you don’t need to be an EU citizen to turn Anonymize OFF/ON for domains within your Epik account. It is as easy as toggling a light switch.
If you are an EU citizen and wish your contact details to be displayed in public whois searches, then simply send an email to support@Epik.com requesting to opt in. (GDPR now requires us to obtain explicit consent.)
If a domain name is transferred to a new registrar, the new registrar cannot email the owner to verify approval. That’s because the whois email address at the old registrar may be hidden due to GDPR. Consequently, the domain transfer process at most registrars will now skip that step.
Arguably, this makes domains less secure. Don’t worry, though. Epik has you covered. We offer not 1 but 2 different forms of 2-factor authentication (2FA): text-message (SMS) and app-based (Google Authenticator). With 2FA enabled, nobody can log into your account without access to your phone. So they can’t unlock a domain for transfer. Epik also offers MaxLock, which prevents all outbound transfers. All of this is free.
As an added precaution, Epik will be locking all currently unlocked domains. Once unlocked, domains will re-lock automatically after a time.
For domain investors in the EU, Epik just became an even more obvious choice. At some registrars, they have simply broken WHOIS, essentially forcing their registrants to pay for WHOIS privacy. This is nuts.
– Privacy is and was free, and remains free. It actually forwards your email so you miss no inquiries.
– Domain parking pays out 100% of what we receive.
– Proceeds from marketplace sales and leases are paid out 100% and tax-free. If you redeem proceeds, you pay just 5%.
The choice is getting clearer.
Any questions, contact Joseph Peterson or I. Joseph has become the internal authority on GDPR.
The EU legislation is a big deal. The penalties for non-compliance could even wipe out entire registrars who failed to comply. Pay attention folks.
“Authority” is probably too strong a word. Now that ICANN’s mandatory whois system is largely illegal in the EU, and every registrar is making up their own conflicting rules, I think NOBODY speaks with authority about GDPR and whois. The best ICANN could do was scrape together a temporary “How about if we try this?”, which they voted on May 17. That gave the domain industry barely a week to react. We should all expect change, as ICANN, the U.S. government, and the EU figure themselves out.
Fortunately, I think Epik has settled on an interpretation of GDPR-compliant Whois that gives customers what they need – protection but flexibility, and hopefully with as little disruption as possible.