Shane Tews is the president of Logan Circle Strategies. You can follow her @ShaneTews.
In May, in a radical change in privacy and data protection regulations, the European Union (EU) General Data Privacy Regulation (GDPR) is expected to come into force. The GDPR was designed to harmonize data protection laws for all EU citizens. It replaces a number of data protection directives that currently deal with the collection and export of personal data outside the EU. But the rules will also bring new challenges for those handling international internet-enabled data transfers.
The Internet Corporation for Assigned Names and Numbers (ICANN) currently maintains a large “who’s who” database of web addresses, known as the “WHOIS” service. The WHOIS database collects and disseminates information about who administers, manages and holds contractual responsibilities for domain names. For example, the WHOIS database allows someone to find who manages the google.com domain and provides contact details for the domain owner so that they can be contacted in the event that google.com is being used to send spam or host illegal content. WHOIS is often used by law enforcement agencies to investigate computer crimes and by intellectual property rights holders to protect their brands.
Some of the information in the WHOIS database, such as names and contact details, could be considered private data under EU law and be subject to GDPR prohibitions on sharing data without the express consent of an individual and to other processing limitations. This could mean that law enforcement agencies, consumer protection agencies, trademark and intellectual property protection advocates, and cybersecurity experts seeking to protect citizens and their corporate products may not be able to access the contact information they once had in a pre-GDPR world. Without changes to the way WHOIS data is handled, rights holders, law enforcement and IT security companies will have access to much less information about who is contractually responsible for a domain.
ICANN is revising several new WHOIS compliance models that may change the current unrestricted access model, where anyone can search WHOIS data, to a tiered access model for data collection. Some other models require consent procedures and processes for third parties to access the data, per GDPR guidelines, and others keep most data out of reach, with a few exceptions.
The important factor in all of these proposed new database models under consideration by ICANN is determining what data can be made public and how that will affect the entities that search for the data. The crucial question for those looking for information to protect injured parties is how to access the data and whether it will be available to remove a domain name that causes damage and possibly promotes illegal activity.
The chosen outcome of ICANN’s new model will impact the collection, storage, display, transfer and retention of domain ownership data.
The biggest challenge is keeping the balance of trust on the internet and managing the flow of information between parties for specific content. Free expression and the flow of information online are fundamental to the functioning of the Internet. For this to continue, there must be a level of trust in the person sending the information and that the information being sent is accurate. The producers of “fake news”, stolen content, illegal markets and illicit content on the dark web are enough of a challenge. Online actors who know how to be deceptive in their own way can sneak into online networks to protect themselves. It would be a shame if the well-intentioned GDPR became one of their business tools.