On the 25th of May 2018, the enforcement of the European Union’s new General Data Protection Regulation (GDPR) comes into effect. The GDPR is a pronounced and extraordinary revision to European privacy law, which will have significant repercussions for the Internet’s Domain Name System.

For over two decades, domain name registrants have been subject to emotional, financial, and in some cases, physical harm, as a result of registering a domain name. This is because when a domain name is registered, sensitive and personally-identifiable information about the registrant is collected and stored in databases that can be accessed by any actor for any reason through WHOIS queries.

The GDPR may well spell the end of the WHOIS service, a protocol used for querying databases that store the name, address, and telephone number of the registrant of a domain name. In this panel, featuring privacy practitioners and experts in the WHOIS service, we will consider the impact of European privacy standards on the global Internet. This will be an interactive panel orientated towards newcomers, and will be divided into three segments:

The first part will introduce the Domain Name System and WHOIS, as well as international understandings of and approaches to privacy.
The second part will focus on ICANN and its institutionalised conflict with data protection laws, seeking to provide clarity around ICANN previous reluctant stance on respecting privacy law and protecting registrants from the harm that arises from violating their privacy.
The third part of the session will provide a look ahead, focusing on the enforcement and implementation of the GDPR, looking at ICANN’s preparations (or lack thereof) and the potential consequences that may follow.