More news about ICANN and WHOIS

In  a recent blog I mentioned that, on behalf of the UK’s children’s organizations, I had written to the Chair of the Article 29 Working Group expressing concerns about the way the GDPR was being interpreted in respect of WHOIS data.  Remember WHOIS is the database law enforcement agencies and different elements of the internet security industry have used since the internet’s year dot to combat online crimes of every kind as well as a wide variety of scams.

The problem with WHOIS is that  maintaining it as an accurate and up to date record represents a cost and a lot of bother to Registries and Registrars. They would rather be shut of it altogether. As long as the punters pay for their domains why  should they care?  Registries and Registrars are ICANN’s effective paymasters  so ICANN is forever kicking the can down the road whenever WHOIS gets a mention. (John – aren’t you being a little harsh? Maybe, but I was provoked. Btw it is not a good idea to talk to yourself in public like this. People will get entirely the wrong/right idea).

Anyway I have had a message  from the Chair of Article 29 saying that a full reply is on its way (watch this space) but the same message also pointed me toward a statement  issued last week by Article 29.

Two interesting snippets from the statement:

Article 29 say they have been “offering guidance” to ICANN on the matter of WHOIS since  2003. They go on to note, however, that

ICANN’s GDPR compliance process appears to have been formally initiated in the course of 2017, which may be part of the reason why stakeholders are concerned over the entry into application of the GDPR on 25 May 2018.”

Ouch. Does this speak to ICANN’s arrogance or incompetence? Perhaps both.

Finally Article 29 points out that no data protection authority has the power to suspend or delay the implementation of the law but adding

“Data protection authorities may, however, take into consideration the measures which have already been taken or which are underway when determining the appropriate regulatory response upon receiving…complaints.”

The match is not over but I would say Article 29 won that set hands down.