If ICANN completely kills whois, GDPR will only be one of their problems


Göran Marby, ICANN President and CEO, wrote a blog post about a possible unified access model that was published by ICANN for community input.

I don’t see much progress from ICANN since May that GDPR went into full effect and I don’t expect much to work from ICANN anyway. They expecting all work to be done from German courts or volunteers.

They screwed up domain names and the internet and now nothing good can come from these talks other than to completely kill WHOIS forever.

Here, I said it. We’ll see what happens.

But if ICANN completely kills whois and does not allow me to have all my whois info public, as I do now, GDPR will only be one of their problems.

Here is what Göran Marby wrote:

“The ICANN org has been working to further develop its proposal for a possible unified access model, in order to engage in discussions with the community and relevant data protection authorities. Following the June publication of the Framework Elements for a Unified Access Model for Continued Access to Full WHOIS Data [PDF, 93 KB], we have striven to deepen our understanding of the European Union’s General Data Protection Regulation (GDPR). Today, we published the Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion [PDF, 521 KB], and we are seeking your input on this proposal. Your feedback will be important as we continue our dialogue with the European Data Protection Board (EDPB) in order to seek legal clarity for any such access mechanism. Lowering the legal risks for data controllers/contracted parties is necessary to develop a workable unified access model.

This proposal is a working draft intended to facilitate further discussions with the EDPB and the ICANN community. It outlines basic parameters based on ICANN org’s current understanding of the GDPR, so that we can continue to seek input from the EDPB. Having clear guidance may increase legal certainty for data controllers about whether a unified access model could be implemented, as well as assist the community in the Expedited Policy Development Process (EPDP) to consider the Temporary Specification for gTLD Registration Data (Temp Spec).

As communicated before, ICANN org’s work to develop a proposed model is not intended to replace the community’s policy development process. Rather, we are seeking to be responsive to a range of stakeholder communications, including the EDPB’s statement on 27 May 2018 which noted “to develop and implement a WHOIS model which will enable legitimate uses by relevant stakeholders.” Additionally, there is a need for guidance about what may legally be permitted in a model so that this information can be factored into policy work.

While the Temp Spec requires access to non-public WHOIS data for those with legitimate purposes as defined by the law, registrars and registry operators have differing approaches to meeting that requirement. ICANN‘s proposal explores whether it is possible to develop an automated and unified approach across all gTLD registrars and registry operators in a manner consistent with the GDPR, including the obligations placed on data controllers.

This next iteration seeks to address and help clarify the technical and legal foundation upon which a unified access model could potentially be built. It does not attempt to design the final unified access model or how it could be implemented. The details, including how a model may be operationalized, would require further and deeper community discussion and engagement. Indeed, the Temp Spec’s annex contemplates and encourages further community discussions on this topic.

The proposal also includes various open questions, where we see the community’s opinions currently diverge. These include: whether authenticated users must provide a legitimate interest for each individual authenticated query; what the logging requirements should be; if the full WHOIS data set must be returned for authenticated query; who must provide access (registry, registrar, or both); whether there should be a fee for access; and whether there should be a centralized portal (operated by ICANN) from which authenticated users are able to perform queries of non-public WHOIS data.

We are seeking your input on all of these key issues, so please send your comments to gdpr@icann.org. As we continue to move forward, I will keep you apprised of our discussions with the EDPB. As always, you can find updates and other relevant documents at our Data Protection/Privacy Issues page.”


About Konstantinos Zournas

Studied Computer Engineering and Computer Science in London, UK and now living in Athens, Greece. Love domains and building websites. Went online in 1995, learned about HTML in 1996 and about domains in 2002. Started publishing the OnlineDomain.com blog in 2012.


  1. Eurocrats + Bureaucrats = Disaster.

  2. Yeah how’s that “transition” from US oversight looking now…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.