The Register had an item about this recently [0]. If you read the whole thing and follow the links to the earlier articles it's somewhere in the uncanny valley between fascinating and horrifying. ICANN is a deeply conflicted organization. Basically they have been on notice about this since 2003 and have done nothing. As of now, they don't have a plan to resolve this. ICANN and any registrar with EU customers providing the whois service are non-compliant with the GDPR. So the EU based registrars have stopped and ICANN is suing to force them to continue.<p>eta: One of the big reasons ICANN can't do the sensible thing and just discontinue whois is that it is heavily influenced by the big copyright corporations who presently can start enforcement against a domain by lookup in whois. Once whois is gone they will have to use legal process to compel registrars to reveal the identity of domain owners.<p>[0] <a href="https://www.theregister.co.uk/2018/07/06/europe_no_to_icann_whois/" rel="nofollow">https://www.theregister.co.uk/2018/07/06/europe_no_to_icann_...</a>
For .nl, the whois information for individuals is hidden except for a) interested parties (manually approved) b) investigative/enforcement authorities c) CAs (need to validate ownership). It's all explained in English at <a href="https://www.sidn.nl/a/nl-domain-name/sidn-and-privacy?language_id=2" rel="nofollow">https://www.sidn.nl/a/nl-domain-name/sidn-and-privacy?langua...</a><p>The organization handling .nl, SIDN, has worked like this for a pretty long time. It's pretty much a solved problem. The data is available, just not to a lot of people.
Since the core issue is about registered domains for natural persons it becomes a bit unclear what administrative and technical contact would mean in the context of this lawsuit. Most registries that I have to work with do not use those fields or have hijacked those for their own local purpose (such as local presence). ICANN however only accredits registrars for a few of the generic TLDs so there doesn't seem to be any meaningful reason to have administrative and technical contact for natural persons. Those that do fill in those fields anyway usually just copy the data from the registrant fields, or put the registrar data in as administrative and/or technical contact. Neither adds anything meaningful to whois.<p>When the registrant is a company it makes sense to have admin and technical contact but then good practice for the last decade is to not have natural persons in those fields. If John Doe leaves the company then it's a major pain to change contact information for 100+ domains, so for a purely practical reason it is better to have a company, role and the company address in the fields (except when local policy for each of the country code top-level domains demands something else). That information is naturally not protected by GDPR.
Interesting that the first case deals with an injunction to <i>compel</i> an EU company to collect information -- not to punish a company for collecting information. I'm actually very surprised that ICANN even tried to do this as it looks like a slam dunk defence. I'll be interested to see the result of the appeal.
I'm curious (and ignorant): how can Europe fine an organization like ICANN?
I can imagine that they can forbid them to do any business in Europe if they don't pay their fine, anything else?
If it comes to this, what does it mean for registrars in Europe?
Related, with some insights (3 months ago): <a href="https://news.ycombinator.com/item?id=16856090" rel="nofollow">https://news.ycombinator.com/item?id=16856090</a>
The judgement seems to rest on whether collecting data is necessary for the business. But what place is the judge in to decide that? Isn't the fact that ICANN demands the data from registrars good proof that it is necessary to EPAG's business?
This seems like the worst first take possible for a policy that otherwise seems to have good intentions.<p>Basically this is pedantry around something that completely does not matter. Every major registrar already provides mechanisms for hiding this info from the general public should you choose to do so.<p>Seems like lawyering for lawyering's sake. When can we get rid of that?