GDPR and Domain Names – What You Need to Know

Hi everybody! I am the President of and I wrote this article for I share it here and hope it will help you all.

If you have received a flood of e-mails of privacy policy updates at the end of May 2018, it may be the first time you hear about GDPR, which means General regulations on data protection. This regulation, which takes effect May 25, 2018, has vast ramifications for the whole world but also for the whole of the Internet.

Today, I will discuss the impact of GDPR on the domain name system and WHOIS details.

WHOIS has been a feature of the Internet, dating back to the original ARPANET in 1982. This system allows anyone to see the owner of a domain name, such as This is important for world trade for a number of reasons:

  • You can identify who you are doing business with
  • You can sometimes identify whether one entity belongs to another
  • You can find alternative contact information for an individual or a hard-to-reach business.
  • You can determine the owner of a domain you want to buy in order to contact you and make an offer.

By the end of May 2018, ICANN, the Internet company for names and assigned numbers, which manages the global WHOIS system, acknowledged that the EU would not grant a requested extension to comply with the GDPR. ICANN had requested this extension several times in order to be able to develop a fully compliant solution that, at the same time, did not disrupt the trade.

This did not happen

So, what are the ramifications?

First, most registrars have decided to hide all WHOIS details for all domains, whether the registrants are resident or have their headquarters in the European Union. This has an impact on consumers in two ways:

  1. It substantially reduces the fees collected by registrars for the "domain confidentiality service" to replace WHOIS information with privacy transfer information protecting the domain owner's identity, all by facilitating the contact. These fees were an important source of revenue to offset the cost of other products, such as the domains themselves and even web hosting packages. All of these things are likely to cost more in the next 12 months as business costs have certainly not fallen suddenly and magically.
  2. It is now extremely difficult, especially for an individual or a small operator, to access the resources needed to determine the owner of a domain name. This has consequences for those who like to buy domains, but even more serious consequences for those who are scammed or who only benefit from poor service on the Internet. This change makes it easier for fraudsters to target individuals and even businesses, resulting in real financial losses.

Although it is likely that ICANN and domain registrars will eventually find a workable solution to this problem (our congratulations to GoDaddy for blocking WHOIS information only from those who reside in the European Union), in the meantime it is easy to see how this change is creating problems. The EU was very well intentioned with the adoption and introduction of this new regulation. Now, let's hope they take a second pass and help clean up the mess left in its wake.

As always, if you have any questions or want more details on the GDPR and its impact on the domain name system, I will be happy to converse by email. Contact me anytime!