Run roh. The Domain Name System has said that it’s well aware of the GDPR deadlines, but sadly, it’s gonna miss the May 25th deadline. By about a year.
The domain name companies all got together and wrote a missive to the ICANN bosses saying whoops-a-daisy.
Mostly these domain flogging places are in Americaland, so maybe they thought they’d get away with ignoring it. Error. Because they’re selling domains to people in the EU, they have to suck up GDPR like the rest of us poor saps. Or face a 20m Euro fine (or 4% of their turnover, whichever is bigger).
As of now, when you buy a domain (like www.wedonotcareaboutgdprrules.io) all your personal data is published on the interwebs via whois. Unless you cough up extra for domain privacy.
Now, as you’ve probably worked out, this practise will be illegal under GDPR faff. I mean, let’s be fair for a moment. They have had over two years to get their act together. So no wonder they still need another year to comply. Right?
Get it together
ICANN asked domain registrars to suggest how they could get their act together. What happened was the release of a doc with a dozen different suggestions. All of which were a bit pants. Everyone argued. Nothing was sorted. And here we are.
Goran Marby (the CEO of ICANN) wrote to all 28 of the European data protection agencies saying:
“Hello, we’ve got no bloody idea what we’re doing, can you help by telling us what we should do and letting us off the 20m Euro fine? KTHXBYE!”*
ICANN proposed that all email addresses be swapped out for some randomised string. But whinged that would still take months and months to sort.
We’ll wait and see what happens. It might well be that registrars will just turn off the whois stuff. Meaning cops couldn’t get the info of www.wehatetheoldbill.com or any other illegal sites. Which would give them the right hump, I imagine.
What would you do to fix it? Let us know in the comments.
*This is a total lie, he didn’t say that at all. But, he did say something along those lines.