You have probably encountered pop-ups about privacy policy updates over the past year. These pop-ups are coming due to the General Data Protection Regulation (GDPR) put in place by the European Union to govern the collection, processing, and retention of personal data. The measures were affected in May last year.  

The regulations affect how access to the public WHOIS database is done. The WHOIS database contains details of owners of domain names as well as servers. Creators and copyright owners accessed the database to determine who infringes on their rights as part of their enforcement efforts. They could also identify other domains and related sites linked to a domain. With the European Union’s new rules, access to domain name databases is limited for data which falls under GDPR’s scope.

GDPR can allow you to access individuals’ personal data, process and store it only if you comply with the following ground rules:

  • You have to seek consent from the owner of the data you want to store
  • The data you are looking for is required for a contract the person got into
  • You should have a legal obligation to access the data
  • The data is important to protect the interests of the individuals.
  • The data is needed to administer justice

When registering a domain, you must provide your identity and contact information, including name, address and more. ICANN, an organization which coordinates the Domain Name System, oversees the registrations in the domain name database. It oversees companies providing domain names to site owners and registrars. It is the organization which requires registrars to update publicly accessible data-WHOIS service. The transparency and availability of WHOIS data is very important to the public because it is utilized regularly by members of journalism, law enforcement, security communities and intellectual property.

Today, ICANN is at a cross-roads, not knowing how it will make registrars comply with the EU rules while adhering to its WHOIS requirements. ICANN embarked on a path to develop a compliance model to handle the situation. The development of the model has not yet resolved the issue, but a lot has been going on behind the scenes. Needless to say, WHOIS and GDPR have not yet found a way of working together. Initially, ICANN announced that it would not take legal action against any registrar who doesn’t update WHOIS records to comply with the GDR. The European Union, however, is not comfortable with the approach.

As it stands, it will be difficult for creators and copyright owners to find the contacts of domain owners. The problem is getting bigger with registries starting to mask their contact information. Tracking domain name ownership will get more difficult with time in the wake of the GDPR rules. However, if you’re diligent enough, you can work around it and find a way to track domain ownership. You could use a reverse domain check to find some information as you continue the investigation. Additionally, legal action can be a viable option if you have grounds to do so.