ICANN has opened a comment period in relation to whois conflicts with local law / data privacy law.
Of course anytime ICANN, or anyone else, tries to make any changes to whois policy there are issues.
Whois is, for a variety of reasons, an emotive subject.
One of the areas that Article 29, several registries located in the EU and a number of registrars (including ourselves) have queried was ICANN’s policies and processes around whois display when there is a conflict with local law.
Put another way, under EU law many feel that registration details for domain name registrants need to be handled in a manner that is more compatible with the EU Directives and local law ie. registrants have a right to privacy and both registries, registrars and their agents shouldn’t be obliged to follow an ICANN policy that is at odds with local law.
At the moment, however, it is far from easy for a registrar (or registry) to get a “waiver” for whois collection and / or display. To date I’m only aware of two gTLD registries that have managed to get it (.tel and .cat) and no registrar.
Because under the current policy the registrar would need to be already embroiled in a court case or being fined by their DPA before the policy / process can be triggered.
We (Blacknight) looked into it around the time we were getting accredited with ICANN and I remember thinking that there was a typo in the policy and asking ICANN Staff to confirm what I was reading – it was that illogical.
In any case the policy and process is now up for comment and hopefully privacy advocates and others will voice their concerns.
I cannot be neutral on this topic – the current policy and process is a disaster and it needs to be fixed. If you agree then please make your voice heard!
Here’s the background paper they’ve published to explain where this is all coming from and where it might end up going: