eta: One of the big reasons ICANN can't do the sensible thing and just discontinue whois is that it is heavily influenced by the big copyright corporations who presently can start enforcement against a domain by lookup in whois. Once whois is gone they will have to use legal process to compel registrars to reveal the identity of domain owners.
> We do not believe a moratorium on enforcement of the law should be granted to ICANN.
Oh yes. I followed the link I gave and read all the linked articles and some of their links and some of the comments on it all. It's quite extraordinary and hilarious.
Note that this is not about discontinuing WHOIS, but discontinuing the collection of the "technical contact" and "administrative contact".
The domain owner's data are still collected, and this collection is still being carried out by the registrar without dispute (page 3, last sentence).
The argument is that if ICANN needs to contact someone with regards to a specific domain, contacting the domain owner should be sufficient, so ICANN's argument that they "need" the Tech-C and Admin-C aren't valid.
The court agreed with that, but note that at this point, this is only about a preliminary injunction.
Well, technically, the court agreed that you cannot be compelled to provide this information.
However, I don't see why not one could voluntarily provide this information, in which case providing invalid information would still probably be a breach of contract.
the other information could be empty https://whois.icann.org/en/lookup?name=google.com
Why am I not surprised that it's again the copyright leeches that are lobbying to make everything worse? Somehow it seems that they are the most prominent anti-consumer lobbying group these days.
Well, sounds like the way it is supposed to work... Besides, the ones they are trying to get with it have TLDs without whois requirement, are at cloudflare or use onion services alltogether.
a) non-US organizations/gov's have been critical of US hegemony of internet policy for some years - this also is a good way to attack that
b) various multinational treaty organizations have been attempting to create agreements where cross-jurisdictional legal actions are valid but haven't been very successful (see also TTIP) - some provisions in GPDR are another instance of this pattern, and would appear relevant here
c) logically, hiding website ownership also benefits large media entities as it facilitates a way to obscure ownership information across many domains, potentially making them appear more independent than they actually are
disclaimer: dont have direct insight on any of this
c) this doesn't stand up on closer examination. it was already possible if you had the money using shell/holding companies and the various privacy guard options registrars offer. besides, GDPR is mainly about individual's privacy.
b) maybe true, but irrelevant. there are plenty of domain registrars operating in Europe, which have to comply with European laws anyway.
a) absolutely, and fair point. however, ICANN's behaviour shows they were right to criticise this artificial hegemony over shared or national critical infrastructure (e.g. country or region-specific TLDs).
Doesn't WHOIS typically just show the registrar anyway?
The organization handling .nl, SIDN, has worked like this for a pretty long time. It's pretty much a solved problem. The data is available, just not to a lot of people.
When the registrant is a company it make sense to have admin and technical contact but then good practice for the last decade is to not have natural persons in those fields. If John Doe leaves the company then its a major pain to change contact information for 100+ domains, so from a pure practical reason it is better to have a company, role and the company address in the fields (except when local policy for each of the country code top-level domain demand something else). That information is naturally not protected by GDPR.
I'm not gonna link it here to not push it up in SERPs, but my blog is linked in my profile and the imprint is linked there.
Also sitting hacker jeopardy champion, huh? Nice :)
That being said: No, you cannot just hide the address in an image - that would be illegal (the imprint information needs to be "easily parseable").
Such a service enters a contract with the domain owner to forward (or scan and mail, or shred, or whatever) everything (or only non-spam) that is sent there.
The law is happy, because that is your address now, and failure to forward is something between you and the service you used; you bear all responsibility wrt the sender.
The author of a popular novel writing application offers that for his customers, as many write under a pen name and don‘t want their name to be publically known.
Other than that... nothing. You could employ a lawyer, but that would be expensive. You could get one of those „hire a post box“ services, but again, too expensive if not really used for business.
Some registrars offer that, but not for .de domains.
They're not too expensive, at least in the US. I an extra-small size PO box, and it costs the equivalent of $7 a month if rented yearly. Besides domain registrations, I've also used it as my mail forwarding address when moving, to help shake off junk-mail senders.
One thing that "would be funny" would be having the contact information show up only for IPs from Germany
The word has been chosen specifically and distinctly in this field of law so it can mean something specific, not the run-of-the-mill meaning of „commercial“.
You show ads (or Wordpress does for you in the free offering)? Geschäftsmäßig. For certain.
You have a web site with information that is interesting to many people (maybe how to repair bikes)? Geschäftsmäßig. Very probably.
You have a photo gallery of aunt Mary‘s 80th birthday. It‘s password protected, and you share the password only with family. Everyone else only sees the link text „Aunt Mary‘s birthday“ and noth8ng more? Not geschäftsmäßig. For certain.
Everything between examples two and three? Uncertain. Assuming „geschäftsmäßig“ is a good idea.
Privacy in Germany seems to be complicated, in one way some things are much more private, but you can't have a website without a mailing address.
It gets interesting when you‘re in any way, shape or form having a business (even a non-profit or a club — anything that is not personal). Suddenly there are other organizations that can be seen as competitors (another freelance designer, another sports club in town etc.).
And now you‘re not being fined by the state, you‘re being sued by other private parties. Because that‘s unfair business practices. You‘re not following the law, so you have an illicit advantage.
Typically it is mostly the tax office that cares about your commercial activities: if you sell stuff, they may want you to collect VAT. If you have regular income from those activities, you have to pay income tax, etc.
So my naive reading is that having ads is fine, because you are not actually selling something. Having professional information and getting paid is also fine. Having a hobby and occasionally selling something as part of your hobby is fine.
This person sometimes gets called ironically „Sitzredakteur“. „Sitting editor“. Not because he is currently the editor, as in „sitting president“, but because he‘s the one who is going to sit in prison.
The GDPR is about informed consent. Do you want a domain? Yes. Great, now we need your name, and we'll put it into the WHOIS. Do you consent? Yes. Great, here's your domain. No! Okay, then you might try a different TLD, that doesn't require WHOIS publication.
The part that the GDPR is very much up to the courts, is that whether WHOIS publication is necessary for the function of the domain. Because if not, then it can be argued that it's an undue burden and it should be a separate thing, so the lack of consent for it must not mean domain registration rejection. However, ICANN thinks differently about the issue.
It is not (e.g. see the paid privacy guard services), and the article 29 working party (WP29) has been telling them this since 2003. ICANN has been ignoring it for 15 years. Until now, there was no way to enforce that. And now they reap what they sowed, with registrars stuck in the middle.
The lawsuit was filed in order to get an official legal answer on the books as to how Whois data should be handled for GDPR. The easiest way to get actual precedent on the matter is to sue someone over it.
ICANN clearly wants to preserve the requirement around personal details in Whois data, while Tucows pretty much thinks that requirement goes against the spirit of GDPR. From your second link:
> ICANN’s goal, since discussions about the impact of the GDPR on domain registration began, has been to preserve as much of the status quo as possible. This has led ICANN to attempt to achieve GDPR-compliant domain registration via ‘process reduction’, as opposed to Tucows’ approach of starting with the GDPR and rebuilding from the ground up.
They may just not want to get sued by the MPAA et al over facilitating copyright infringement. Without WHOIS, pursuing rogue domains gets harder.
For law enforcement this isn't a problem. For scummy copyright lawyers looking to make a quick buck, maybe it is. Guess which of those funds ICANN? And how exactly would not making WHOIS info public "facilitat[e] copyright infringement"? Nobody is buying it.
> Tucows will continue to ensure that those with legitimate purposes, including law enforcement, intellectual property, and commercial litigation interests will have access to domain registrant information. On a daily basis, we see plenty of important circumstances wherein we find sharing that information to be legally necessary, and this will not change. We collect a contact for the owner of each domain name sold on our platforms, and have the ability to contact the owner. When necessary, we also share that contact with law enforcement and others with a legitimate interest.
So there's no loss of data access for those with legal right to it. It's just that there's no free public access.
Precedent is of little relevance in countries that use civil law (as opposed to common law like the US does) so establishing it sounds somewhat futile.
If ICANN leaves it at that, then with respect to the GDPR the situation is fine.
If ICANN decides to enforce their policies and for example starts excluding European registrars, then we have a completely new situation that goes way beyond the GDPR.
Note that the DNS root is technically the IANA function, which is operated by ICANN. A lot of what ICANN can do derives from that.
If the EU would withdraw support from that, then a lot of chaos is going to result. Chaos that is certainly not in the interest of the US government. So my guess is that at the end of the day, the EU can have their GDPR and ICANN will just to accept that.
A German registrar doesn't fulfill its contract with ICANN anymore. ICANN sues them at a German court to fulfill it. The court rules that the contract clause is illegal according to German law, so the registrar is not obliged to fulfill it.
Why should EU be nice to ICANN? (actually, they even have been nice for 15 years)
Why should EU be nice to UK? It's just tough negotiations where both parties try to close the best possible deal.
 There has been little if any compromise in the negotiations from the EU side, and much from the UK.
2. See 1. Also, there have been compromises, the UK wants to get unicorns. Full access to the single market yet no freedom of movement...
A divorce seems an odd comparison to choose, but the UK has a large trade deficit with the EU. If the UK leaders had a backbone, they would walk away or be tougher in negotiations.
> 2. See 1. Also, there have been compromises, the UK wants to get unicorns. Full access to the single market yet no freedom of movement...
Do you have any examples?
Why should the idealogical idea of freedom of movement be linked to an economic market? This is an EU idea, and the separate of the two is not a unicorn. See: other trade agreements.
Single market without freedom of movement is possible, but the thing about the EU is that different countries disagree about what the good parts and the bad parts are. Austria, if acting alone, might be willing to agree to single market without freedom of movement, but Poland is not going accept that. And so on. If you compromise with everyone, well, congratulations, you've joined the EU.
> This is an EU idea
I think you answer your own question. It's a founding principle of the EU.
And it's not Groucho Marx either ("these are my principles, if you don't like them, I have others!").
If you there is no good reason, then there's also no good reason for EPAG to collect this information.
Basically this is pedantry around something that completely does not matter. Every major registrar already provides mechanisms for hiding this info from the general public should you choose to do so.
Seems like lawyering for lawyering's sake. When can we get rid of that?
I think you missed a "by charging a fee to not do something they have no reason to otherwise do except to force you to pay a fee" in there.
Seems like charging fees for charging fees sake, when can we get rid of that?
Privacy and property rights are interconnected: after all, what is privacy but the right to do with yourself and your property as you see fit without outside observation/interference?
These rights are sometimes at odds with each other: can you really own property if your ownership is not publicly recorded/recognized?
And GDPR does not prohibit voluntary owner entries into a central whois directory, it just prohibits transferring personal data without consent.