Future of WHOIS access remains uncertain
The expedited policy development process (EPDP) team has published its initial report, the latest twist in ongoing efforts to ensure that the treatment of WHOIS data complies with the EU General Data Protection Regulation (GDPR). While the report is welcome, it also poses a number of questions. Clarity on future access to WHOIS data remains elusive, at least for now.
After ICANN adopted the Temporary Specification for gTLD Registration Data – which resulted in heavily redacted WHOIS data being made publicly available – the EPDP was initiated to review the specification and decide whether it should become an ICANN consensus policy as is, or with modifications (by 25 May 2019). The EPDP team’s initial report makes 22 recommendations, many of which are accompanied by questions for the community. This call for more input reflects the difficult nature of the negotiations to date, with the document itself stating that in some instances tentative agreement was made but that “team members did not reach agreement on many other areas of discussion”.
In terms of detail, on the question of what domain name information should be collected, the EPDP recommends that registrars collect a range of data, including the registrant’s name, address, phone number and email – in addition to a registrar abuse email address and phone number, and a (potentially optional) technical contact point. Recommendation eight then turns its attention to which of these data elements should be redacted in terms of the public database. The report suggests that while the registrar abuse contact phone and email would be publicly available, the registrant’s name, address (other than the state and country in which they reside), phone and email should be redacted. An anonymised email address – or link to a contact web form – would remain available.
Elsewhere, the document recommends that registrars be required to retain the specified data elements for a period of one year following the life of the registration. Turning to the UDRP and URS, the recommendation is that the requirements of the Temporary Specification be maintained until such time as these are superseded by recommendations from the Rights Protection Measures Working Group. The same was also said for the current requirements with respect to reasonable access to data; the status quo should be maintained until work on a system for standardised access to non-public registration data has been completed.
While there is a recommendation to keep the Temporary Specification’s existing ‘reasonable access’ obligations in place, the lack of criteria or guidance on what is reasonable has led to fragmented handling, which has hampered access, in practice, to the WHOIS information vital to enforcing against abusive registrations; brand owners must wait for the next stage of the EPDP’s work to conclude before we know how this will be addressed. We are not optimistic on access, and hope that ICANN itself might help discussions along by creating and operating a universal WHOIS so at least the process of accessing data is simpler for trademark owners, law enforcement and others with a legitimate need for accurate registrant information in a timely fashion.
Nick Wood, Com Laude