GDPR labelled an “unmitigated victory for the scammers” as EPDP kicks off

As the ICANN community launches an expedited policy development process (EPDP) for the temporary specification for gTLD registration data, US Assistant Secretary of Commerce for Communications and Information David J Redl has slammed the decision to limit access to public WHOIS data, deeming it an “unmitigated victory for the spammers and scammers”.

The EPDP – initiated by ICANN’s Generic Names Supporting Organisation Council – is an effort to create consensus policy on the temporary specification, which was designed to ensure that WHOIS data access complies with the EU General Data Protection Regulation (GDPR). The specification has resulted in challenges for rights holders seeking to identify the owners of potentially infringing websites. With portions of previously public WHOIS information no longer accessible, parties with legitimate access can lodge data access requests with registries and registrars. However, at ICANN’s most recent meeting in Panama, one participant noted that Facebook had lodged 1,736 legitimate WHOIS requests with 167 different registrars since the GDPR came into force and received a response from just three of them.

This lack of cooperation over data requests also extends to UDRP actions, with Hogan Lovells’ David Taylor noting that he has gone “back and forth with some registrars”, concluding: “Now everything is behind the curtain and this radical change does not have access in sync with it. I have concern over who is benefiting most from GDPR – it is the phishers and infringers.”

These comments were echoed by Redl at the Internet Governance Forum USA, where he noted that WHOIS is a vital tool for parties to shut down criminal enterprises and track bad actors, as well as being “a first line in the defence of intellectual property”, adding:

Unfortunately, European authorities have indicated that the collection and public provision of domain name registration data violates GDPR… This is an unmitigated victory for the spammers and scammers that plague consumers and businesses. The National Telecommunications and Information Administration and the highest levels of the US government are engaging with the European Data Protection Board, the European Commission and European member states to provide clarity and guidance to the community as it works to facilitate access and accreditation to WHOIS information, which is now private. This access mechanism is critical to meeting the needs of law enforcement, cybersecurity and rights protection.