ICANN made some last-minute changes in order to stay GDPR compliant. However, only time will show if the changes end up being enough.
Just like all domain name registration companies, ICANN could potentially be liable for up to €20 million or 4% of their annual turnover if they are determined to be violating the guidelines set by GDPR. Additionally, they may get sued for failing to comply within the given time-frame.
A lot of domain registration companies charge extra just to keep your domain contact information private. But now, when GDPR is about to change everything, the demand for such services is likely to dry up.
Cherine Chalaby from ICANN mentioned that WHOIS is an important system and preserving it means aiding the fight against cybercrime, intellectual property infringement, and malicious actors.
Immediately, a question pops up; since the WHOIS system was so crucial up to this point, how will it all work from now on? Simply put, the registrars will collect the data they’ve always collected. However, most personal data won’t be available for public display. The contact data will still be available through the registrar, but communication may be anonymized via email or web form.
ICANN has stated they will provide “reasonable access to third parties with legitimate interests”, but it’s still not a given this will fly under GDPR’s radar.
Essentially, every domain registration company has a different approach and not all of them are alike. Since the 25th of May is almost here, we’ll quickly see which one of them will end up having a suitable approach.