October 25, 2017
Two Dutch domain name registries dot Amsterdam and FRL Registry (Friesland) are refusing to provide public access to Whois records stating that to do so would be in violation of both Dutch data protection legislation and also the EU General Data Protection Regulation (GDPR) due to come into effect in May 2018.
The aim of the GDPR is to harmonise data protection within the EU. It provides that EU citizens have the right to decide how their personal data is processed. Consent must be clear and affirmative and cannot be automatically included as a condition of access to the product or service on offer.
The GDPR while strengthening EU citizens data protection rights also poses problems for domain name registries who are obliged by ICANN rules to provide public Whois access. Registries who respect EU data protection regulations are in violation of ICANN regulations and vice versa.
Since the 1990’s, ICANN has obliged registries to publish the contact information of domain name owners in order to facilitate the action of trademark owners against cybersquatters and counterfeiters. Unfortunately, publication of domain name owners personal data created another set of problems. The data was used for a variety of illegal purposes, including spamming, scamming and identify theft to name but a few.
Private registration was developed as a means to protect domain name owners against these illegal activities. With private registration, a registrar registers the domain in the registrar’s name and with the registrar’s contact information instead of using the registrant’s name and contact details. This allows the registrar to comply with ICANN rules while at the same time protecting the privacy of domain name owners.
Privacy services, while protecting the personal data of law abiding domain name owners, has also led to a return to the original problem of making legal action against cybersquatters and counterfeiters more difficult for trademark owners. These owners have the option of contacting ICANN to request that the privacy be lifted to enable them to start legal proceedings. However, if ICANN refuses to comply, a court order against the privacy service is the only other solution, with all of the expense and delays that this entails.
With the coming into effect of the GDPR, the privacy problem will continue. Citizens right to privacy and data protection is in conflict with trademark owners right to protection against cybersquatting, counterfeiting and other illegal activity. The matter has been discussed within ICANN and by domain name registrars. However, a balance between both competing interests has yet to be found and is unlikely to emerge in the near future.
Stay tuned for updates by your IP Twin's team. email@example.com