back to article Hey, so Europe's GDPR privacy deadline for Whois? We're going to miss it ... by a year or so

The internet's domain name system is going to miss a May 25 deadline to become compliant with new European privacy legislation by, um, a year or so. That's according to the companies that register and maintain domain names, who outlined their schedule in a letter [PDF] to DNS oversight body ICANN. The organizations, which are …

Page:

  1. Doctor Syntax Silver badge

    A year or more? It depends on how quickly the cases work through the regulators' systems. Once the fines start rolling in it will take a lot less than a year after that.

    1. Gordon 10

      I for one would like to see ICANN themselves being used as an example by the EU.

      If I am reading rightly they had about $300m turnover last year so they'd be in line for the 10m/20m fine level rather than the 2%/4% level.

      1. Doctor Syntax Silver badge

        "I for one would like to see ICANN themselves being used as an example by the EU."

        It's a nice thought but I doubt it would fly. The data subject's arrangements are with the registrar. It would take a court case to determine how the law applied.

      2. Anonymous Coward
        Anonymous Coward

        "If I am reading rightly they had about $300m turnover last year so they'd be in line for the 10m/20m fine level rather than the 2%/4% level."

        Even assuming ICANN stores the data of european registrees with country specific addresses (I'm not sure it does, I thought that was the local registrar but this isn't my field so I'm probably wrong) , they're a US organisation and the EU have no jurisdiction over them so the EU can get court rulings, wave legal documents and fine away until the cows log off, ICANN could - and probably would - simply ignore them.

        1. codejunky Silver badge

          @ boltar

          "EU have no jurisdiction over them"

          I do look forward to seeing how this goes. I am hopeful to watch the Donald kick the EU's teeth a few times just for fun. It will be a sad day when countries outside the EU start listening to the EU's fanciful whims.

          1. Dan 55 Silver badge

            Re: @ codejunky

            Data protection is a fanciful whim because EU.

            Yep, makes about as much sense as your other posts.

            1. codejunky Silver badge

              Re: @ codejunky

              "Data protection is a fanciful whim because EU."

              So your assumption applied means that air is oxygen. Which is wrong as oxygen is poison on its own (under normal pressure). It is instead a matter of degrees.

              "Yep, makes about as much sense as your other posts."

              If all you can see is black and white extremes you can never understand as the importance is in the degrees.

              @imanidiot

              "As opposed to countries outside the US listening to the US's fanciful whims as has been the case for decades?"

              Exactly. We people dont like it and the US is actually powerful militarily, economically and politically. I dont think much comparison can really be made with the EU.

              1. Roland6 Silver badge

                Re: @ codejunky

                We people dont like it and the US is actually powerful militarily, economically and politically. I dont think much comparison can really be made with the EU.

                That is to be expected given the USA has had 200+ years and growing to get its act together, whereas the USE (united states of Europe) remains just a wet dream of a few politicians who should know better.

                I do think that some deluded souls, are of the opinion that the EU is ineffective, once the UK is free of the EU, it willbe able to stick two fingers up at the world (including the USA) and suddenly people will stand up and take note...

                1. teknopaul

                  Re: @ codejunky

                  Hows that sticking two fingers up at the rest of the world thing been going for ya?

                2. Anonymous Coward
                  Anonymous Coward

                  Re: @ codejunky

                  Is this The register of Fox news? Yea, the usa have really managed to get its act together... Hahahhahaha

                3. Anonymous Coward
                  Anonymous Coward

                  Re: @ codejunky

                  "I do think that some deluded souls, are of the opinion that the EU is ineffective, once the UK is free of the EU, it willbe able to stick two fingers up at the world (including the USA) and suddenly people will stand up and take note..."

                  The EU as an organisation (not Europe) is a joke. Its militarily a non entity - NATO kept the peace in europe for the last 60 years - financially its profligate and hasn't published its own official accounts for TWENTY years, and since it consists of 28 countries all with different priorities and political aspirations getting anything useful done is like herding cats. The European Parliament is nothing more than a talking shop for 2nd rate politicians and ones retired from their own nations political system who just want a cushy retirement fund (Kinnock, Juncker).

                  1. Roland6 Silver badge
                    Pint

                    Re: @ codejunky

                    @boltar - The EU as an organisation (not Europe) is a joke. ...

                    Don't disagree.

                    However, I think you misread my point: 'it' means the 'UK'.

                    The European Parliament is nothing more than a talking shop for 2nd rate politicians and ones retired from their own nations political system who just want a cushy retirement fund

                    Funny how the first person I thought of was ... Nigel Farage - definitely a 2nd rate politician and unable to get himself elected in their own nation... :)

                    That's a pint of Adnams.Broadside :)

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: @ codejunky

                      "Funny how the first person I thought of was ... Nigel Farage - definitely a 2nd rate politician and unable to get himself elected in their own nation... :)"

                      Well you say that, but he's been consistently been re-elected as MEP for SE england for the last 19 years.

                      1. Anonymous Coward
                        Anonymous Coward

                        Re: @ codejunky

                        "Nigel Farage - definitely a 2nd rate politician"

                        He lead a party that got 4 million votes, and is clearly one of our most intelligent and eloquent politicians. You dont have to agree with his politics but there's no way he's second rate.

                        1. Anonymous Coward
                          Anonymous Coward

                          Re: @ codejunky

                          "He lead a party that got 4 million votes"

                          Which is more votes than the SNP got 50 seats with. We desperately need proportional representation.

                      2. Anonymous Coward
                        Anonymous Coward

                        Re: @ codejunky

                        "Well you say that, but he's been consistently been re-elected as MEP for SE england for the last 19 years."

                        And for good reason:

                        https://youtu.be/DfjtneGa70g

                        1. Dan 55 Silver badge

                          Re: @ codejunky

                          You can search for "the worst of Nigel Farage" and get something too...

                          Like this.

                  2. NerryTutkins

                    Re: @ codejunky

                    I am always fascinated by the people pushing the 'take back control' mantra being the same people who enthusiastically insist it is NATO rather than the EU that has kept peace in Europe for decades.

                    This is the same NATO where the Supreme Commander (Europe) is always an American. Put a guy from the other side of the Atlantic ocean in control of OUR planes, ships, tanks and troops, in defence of our own country, a guy who if the balloon goes up will be on the first flight back to the US to direct Armageddon from afar? No problem.

                    But sit round a table with our (foreign speaking) neighbours and come up with common hairdryer rules? Pffft. What a humiliating insult to our great country, and a violation of our sovereignty.

                    1. codejunky Silver badge

                      Re: @ codejunky

                      @ NerryTutkins

                      "I am always fascinated by the people pushing the 'take back control' mantra being the same people who enthusiastically insist it is NATO rather than the EU that has kept peace in Europe for decades."

                      Why? The reason NATO gets mentioned as the peace keeper is because some seriously uninformed people arguing to remain and possibly not being old enough to know any better thought the EU kept the peace since the second world war. It became such a 'common knowledge' fact that anyone knowing better (remain or leave) had to explain to these people that history did not start with the creation of the EU.

                      "Put a guy from the other side of the Atlantic ocean"

                      And yet the military power that is large enough and equipped enough to be the main force in NATO to which the rest of us working together should be able to support except only some of Europe can be bothered to fund. All the while the EU tries to provide a new solution to a non-existent problem by wanting to make their own army but without a clue of how such a stupid idea can be formed. By a Union that is in self inflicted crises and struggles to wrap their heads around it. Yet expect the Americans to step in when they screw up badly such as Ukraine's current situation.

                      "But sit round a table with our (foreign speaking) neighbours and come up with common hairdryer rules?"

                      Have idiots imposing dumb regulations to enforce upon the people to make them poorer who are now trying to convince the UK to remain under such rules when we leave otherwise we will have a competitive advantage. Such neighbours who have less in common with us than those Americans over the ocean.

                      "What a humiliating insult to our great country, and a violation of our sovereignty."

                      And the good news is the people have had the right to vote on the matter finally and in keeping with our more democratic way we are leaving and taking back our sovereignty.

                    2. jpf1458

                      Re: @ codejunky

                      The Supreme Commander is not always an American. Sure, if America is supplying the majority in a major battle and pays the greatest cost to NATO, America will want it's investment looked after, especially if the battle is not on U.S. soil.

                      "General Stéphane Abrial, the commander from 2009 until 2012, was the first non-American to hold a supreme commander role within NATO. Since then this position has been held by a French Air Force officer. The commander of the organization is currently General Denis Mercier".

              2. Anonymous Coward
                Anonymous Coward

                Re: @ codejunky

                "I dont think much comparison can really be made with the EU."

                True, the EU economy is somewhat larger than the US. No one really cares what the US says these days.

                1. jpf1458

                  Re: @ codejunky

                  Except everyone who does business with her. The EU produces .5 trillion more in GDP than the US but also has 188 million more people.

              3. Dan 55 Silver badge

                Re: @ codejunky

                If all you can see is black and white extremes you can never understand as the importance is in the degrees.

                Was this a sudden attack of lucidity after your first contribution to this thread?

                Exactly. We people dont like it and the US is actually powerful militarily, economically and politically. I dont think much comparison can really be made with the EU.

                The EU doesn't need to invade ICANN (or Google, or Facebook) to get it to take data protection seriously.

            2. jpf1458

              Re: @ codejunky

              Nothing in the registry should be considered protected data. Who owns a website should be open for all to see. If someone's website is compromised and they are DDoSing my site, I should be able to contact them about it. The EU is made up of pansies.

          2. imanidiot Silver badge

            Re: @ boltar

            As opposed to countries outside the US listening to the US's fanciful whims as has been the case for decades?

        2. Anonymous Coward
          Anonymous Coward

          "they're a US organisation and the EU have no jurisdiction over them so the EU can get court rulings, wave legal documents and fine away until the cows log off, ICANN could - and probably would - simply ignore them"

          It doesnt matter if they are in the US. If they store the data of EU citizens then the GDPR applies. Presumably it gets paid fees by EU companies. The EU would likely block payments and simply seize those until the value of fines was met.

          1. Ken Hagan Gold badge

            "It doesnt matter if they are in the US. If they store the data of EU citizens then the GDPR applies. "

            Er, bollocks? For anyone to be subject to EU law, they have to be either in the EU or find it convenient to abide by those laws in order to do business with customers who are in the EU. ICANN probably falls into the latter category, but if anyone starts bandying about fines then I think you'll find that they no longer "find it convenient".

            How many Iranian or North Korean laws have you broken with impunity recently? The same principle applies.

            1. Anonymous Coward
              Anonymous Coward

              "For anyone to be subject to EU law, they have to be either in the EU or find it convenient to abide by those laws in order to do business with customers who are in the EU"

              Nope. If the GDPR applies then if they find it convenient is irrelevant. They will be fined if they break the rules and if fines are not paid and assets cant be seized then they will be blocked from trading with EU consumers and companies.

              1. Ken Hagan Gold badge

                @AC: Perhaps you should bother to read the bit that you actually quoted. ICANN are perfectly at liberty to refuse to do business in the EU. They probably don't have any assets there and if European registrars want something, they can notionally travel to the US, get that something, and bring it back.

                Of course, that is kind of an argument against such an important function being in the hands of a private US company, but that's not the issue at stake here.

        3. Anonymous Coward
          Anonymous Coward

          it burns......

          they're a US organisation and the EU have no jurisdiction over them so the EU can get court rulings, wave legal documents and fine away until the cows log off, ICANN could - and probably would - simply ignore them.

          oh the irony of it burns.....

          how many years have the USA not been aware of where their borders end and installed themselves as the world police... then when little old EU tries the same tactic they will tell them to fuck off

  2. Nate Amsden

    private registation

    Seems there has been a solution available for a long time already called private registration (maybe that is the wrong term), where the registrar obscures the actual registrant of the domain and often times offers an email forwarding service in order to contact them. But of course registrars like to charge a premium for that service.

    So the technology exists, perhaps they just don't want to use it in a broader scale.

    I've never felt the value of knowing who a domain is registered to has much use to it myself, a domain can point to anything. IPv4 addresses on the other hand in general are far less portable. I actually did a WHOIS on one of the IPs I had at a colo maybe 6 years ago and it still had my name on it.

    That reminds me of a strange phone call I got maybe back in 2013. Woke me up from sleep in a hotel room. Turns out it was the FBI. I was nervous of course never having talked to them before. They were trying to get in touch with my former employer but there was no contact info on the website and they could not find a phone number anywhere. My name was on their company domain(I had left the company 1+ years prior) so they tried to call me. The FBI had interest in getting access to the company's logs I assume for questionable user generated content on their site. I got them in touch with people at the company(the company has long since gone out of business now).

    1. Gordon 10

      Re: private registation

      Would someone like to explain the downvotes on this post? Was it about the GDPR bit or the cooperating with the FEEBS?

      Isnt "Private Registration" a valid solution? Just that most providers have been using it as a money spinner and don't want to give it up?

      Reminds me of the Upton Sinclair quote most that usually gets applied to wayward bankers:

      "It is difficult to get a man to understand something, when his salary/bonus depends upon his not understanding it!"

      1. GruntyMcPugh Silver badge

        Re: private registation

        'money spinner' indeed,... my wife just registered a domain name for her new business, and opted for the 'Private registration' for a couple of quid extra. Although, (and I might be mis-remembering this, so excuse me) but different top level domain had different requirements... .com required a name to be associated with the domain, but .co.uk didn't. Did that change?

    2. Doctor Syntax Silver badge

      Re: private registation

      "Seems there has been a solution available for a long time already called private registration... But of course registrars like to charge a premium for that service."

      With my registrar it's just a tick box. My name is shown on whois but address is withheld. No charge - or if there is I've never noticed it in my payments.

      1. Roland6 Silver badge

        Re: private registation

        With my registrar it's just a tick box. My name is shown on whois but address is withheld. No charge - or if there is I've never noticed it in my payments.

        This is the bit I don't get:

        "Other key issues include whether to give domain registrants an opt-in system to have their contact details displayed – which would take nine months to implement"

        Surely, the quick and expedient solution is for the EU-based registrars to simply set the form's default to have the box ticked and add a second 'consent' tick box for those who untick the box. What is surprising is that EU registrars are still not defaulting to the privacy option and increasing their prices accordingly (ie. no discount for selecting no privacy).

        The only issue is the handling of previous registrations, but then (as noted previously on El Reg) the registrars can change the T&Cs and so can give registrants notice that their ICAAN registration details will be changed.

      2. HieronymusBloggs

        Re: private registation

        "With my registrar it's just a tick box. My name is shown on whois but address is withheld."

        Unless things have changed recently Nominet allows private individuals to register .co.uk domains without a contact address. Business sites need a mail address even if it's only a PO Box. Other domains like .com need an address even for private individuals.

    3. Anonymous Coward
      Anonymous Coward

      Re: private registation

      "Seems there has been a solution available for a long time already called private registration "

      It's only permitted on a few TLDs.

  3. Anonymous Coward
    Anonymous Coward

    If roles were reversed, would USA give EU more time?

    Would you please f*ck off!!! POTUS would march Europe to the Mexican border to be shot! Seriously I can see Europe and America coming to major blows over Privacy in the next few years.

    Its hard to believe, but the level of ignorance over Privacy and 'IoT Bubble Thinking' is amazing at US corporations. How blind is Silicon Valley... Look at CES 2017 / 2018 in all places Vegas! So much pollyannic useless IoT, with no privacy / security in sight!

    There is a wider world outside West Texas and California. Time to wake the f*ck up America! Get your house in order, or we'll do it for you!

    1. Anonymous Coward
      Anonymous Coward

      No wonder Americans don't push for more privacy

      https://www.bloomberg.com/news/features/2018-04-10/instagram-looks-like-facebook-s-best-hope

      "Most Americans don’t know the identity of Instagram’s parent, which is just fine with Facebook. Facebook has boosted Instagram where convenient—in conversations with advertisers, for example—but otherwise hasn’t done a lot of co-branding, keeping it separate in the minds of consumers and lawmakers.

      The majority of Americans don’t know about Instagram’s affiliation, according to a poll last year by Reticle Research and the Verge. On LinkedIn, when employees change jobs from Facebook to Instagram, they list Instagram as a separate company. In the U.S., Instagram has mostly avoided guilt by association with Facebook. And the parent company has worked to keep it that way."

    2. This post has been deleted by its author

    3. sanmigueelbeer
      Stop

      Re: If roles were reversed, would USA give EU more time?

      Time to wake the f*ck up America! Get your house in order, or we'll do it for you!

      Nobody, and I mean NOBODY tells the Americans what to do. (The Americans, however, get a hard-on telling everybody else what to do.)

      I can see Europe and America coming to major blows over Privacy in the next few years.

      This is not going to happen. American government will make/pass law associating GDPR to "supporting terrorism". EU will just roll over to the side and let the Americans "do as they please".

      Doesn't stop the Americans. They have already made it a law that any data stored in an Irish server falls under the jurisdiction of the American government so this GDPR is just "child's play" to them.

      1. Lusty

        Re: If roles were reversed, would USA give EU more time?

        “They have already made it a law that any data stored in an Irish server falls under the jurisdiction of the American government ”

        Dude, the CLOUD act is only like two pages. Give reading a try just this once. It says nothing like what you suggest and in fact the Irish government needs to be involved in the process if the data doesn’t clearly belong to a US citizen.

        1. Anonymous Coward
          Anonymous Coward

          "the Irish government needs to be involved [...] if the data doesn’t clearly belong to a US citizen

          No. Actually the CLOUD Act simply tells the involved company may file motion to a US court to quash the request if it believes the data belongs to a non US citizen.

          Then a US court decides if the request should be quashed, taking into account the interests of the United States

          A foreign court is never involved. That was exactly the aim of the act, otherwise it would have been exactly like before.

          Moreover read what "qualifying government" means in the act - because if it is not a "qualifying government", there are even less protections.

          Also, you can only "qualify" on US terms - US never sough an international agreement or treaty, just made its own law and wants to force others to abide. Hope they will be shown the middle finger.

        2. Doctor Syntax Silver badge

          Re: If roles were reversed, would USA give EU more time?

          "the Irish government needs to be involved in the process if the data doesn’t clearly belong to a US citizen."

          GDPR protects EU residents so a US citizen resident in the EU would still come under its protection. Presumably US corporations who are potentially vulnerable will be making plans for arm's length operations for EU data.

          1. Anonymous Coward
            Anonymous Coward

            Re: If roles were reversed, would USA give EU more time?

            "GDPR protects EU residents "

            It protects any personal data stored in the EU. Not just of EU residents.

            1. John Brown (no body) Silver badge

              Re: If roles were reversed, would USA give EU more time?

              "It protects any personal data stored in the EU. Not just of EU residents."

              And that is a fundamental difference between EU and US. In the US, only US citizens data has some protection (and "some" does appear to be the operative word here). Even if you reside in the US, if you're not a citizen you have little protection. In the EU, your data is protected equally, even if you not resident.

              This what the whole Irish/Microsoft thing revolves around. Data of/by a US citizen in the US but heald in Ireland. The US should be talking to the Irish Govt. about getting access to the data and offering the evidence as to why the Irish should accede, not strong-arming MS to illegally export the data from an EU jurisdiction to a US one.

      2. Hans 1

        Re: If roles were reversed, would USA give EU more time?

        Doesn't stop the Americans. They have already made it a law that any data stored in an Irish server falls under the jurisdiction of the American government so this GDPR is just "child's play" to them.

        This just means that any business that has a foothold in EU land is not allowed to store sensitive data on USian cloud servers and that is fine, the nail in the coffin for cloud services ... and nobody has noticed, yet.

        Besides, you forgot the executive order that read that ONLY US citizens were eligible to privacy protection laws, not foreigners ... you are a EU business and use Azure ? EU: Where is that 4%, please ? Thanks!

        1. Anonymous Coward
          Anonymous Coward

          Re: If roles were reversed, would USA give EU more time?

          "They have already made it a law that any data stored in an Irish server falls under the jurisdiction of the American government so this GDPR is just "child's play" to them."

          Well no because that would be illegal under EU law and there would be VERy large fines if they did that. GDPR alao protects the data of Americans if it is stored in the EU. So companies like Microsoft will have littke choice but to make such data inaccessible from their US offices without EU based approval.

    4. Dodgy Geezer Silver badge

      Re: If roles were reversed, would USA give EU more time?

      ...Time to wake the f*ck up America! Get your house in order, or we'll do it for you!...

      Them's fightin' words, pardner.... Go fer yer gun....

      https://www.youtube.com/watch?v=THWCH2Nwsss

      1. Anonymous Coward
        Anonymous Coward

        Re: If roles were reversed, would USA give EU more time?

        "Them's fightin' words, pardner.... Go fer yer gun...."

        We give ours only to those properly trained and licensed to use them. Hence why our armed police are extremely effective whereas yours are gung-go amateurs that far too often shoot innocent people.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like