ICANN, the group in charge of the Domain Name System, is in a deadlock with the European Union's General Data Protection Regulation over the WHOIS database and that means there's internet trouble ahead.

The European Union (EU)'s General Data Protection Regulation (GDPR) protecting EU citizens' privacy takes effect on May 25, 2018. So far, so good. Who doesn't like privacy? But, many groups, including Internet Corporation for Assigned Names and Numbers (ICANN), which manages the Domain Name System (DNS), are completely unprepared for the new laws.

So, why does that matter to you? It matters because ICANN also runs the WHOIS public database of domain name owners. Everyone with any web domain must register not only their domain, but their names, addresses, email addresses, and phone numbers. GDPR requires companies to get affirmative consent for any personal information they collect on people within the European Union. If you violate the GDPR, your company can face fines of up to 4 percent of global annual revenues.


ICANN has long known that WHOIS has many privacy and security problems. To quote from the WHOIS history page: "WHOIS is at the center of long-running debate and study at ICANN, among other Internet governance institutions, and in the global Internet community. The evolution of the Internet ecosystem has created challenges for WHOIS in every area: accuracy, access, compliance, privacy, abuse and fraud, cost and policing. Questions have arisen about the fundamental design of WHOIS, which many believe is inadequate to meet the needs of today's Internet, much less the Internet of the future. Concerns about WHOIS obsolescence are equaled by concerns about the costs involved in changing or replacing WHOIS."

Knowing there's a problem and doing something about it are two different things. For years, ICANN knew WHOIS wouldn't work with GPDR. And, despite weekly meetings over the last two years ICANN couldn't come up with an answer. So, ICANN asked the GDPR Article 29 working party, the group in charge of enforcing GDPR in this specific area, to give ICANN at least another year to comply with the law.

That's so not happening. The Article 29 group replied that it "considers it of utmost importance that ICANN either reconsider or further evaluate its current approach". In short, no. No, you can't have more time.

ICANN replied, "Unless there is a moratorium, we may no longer be able ... maintain WHOIS. Without resolution of these issues, the WHOIS system will become fragmented. ... A fragmented WHOIS would no longer employ a common framework for generic top-level domain (gTLD) registration directory services."

That's bad...

Read more: DNS is about to get into a world of trouble with GDPR | ZDNet