In 2018, the introduction of the General Data Protection Regulation in 2018 strengthened the protection of individuals’ personal data within the European Union and imposed strict restrictions on the processing and disclosure of such data without explicit consent. Since WHOIS information often includes personal data of domain name holders, a lot of information has been made inaccessible or anonymized to comply with the GDPR (name, contact details). In addition, this standardized protocol makes it possible to search for registration information associated with domain names, IP addresses, or related entities on the Internet.
In response to these restrictions, the Registration Data Request Service (RDRS), introduced on 28 November by the ICANN Board, was implemented to enable controlled, GDPR-compliant access to certain WHOIS-masked data.
This system handles requests for access to non-public registration data related to generic top-level domains (gTLDs), such as the contact name, postal and email address, and telephone number associated with a domain name, linking requesters with ICANN-accredited registrars.
The conditions for accessing this data are as follows:
- Domain names must be registered among generic top-level extensions (.com, .net, .info, etc.);
- Only ICANN-accredited registrars that adhere to the system are concerned;
- The disclosure must be for non-public data;
- The applicant must demonstrate his or her rights and prove a legitimate interest in accessing this public data;
- Finally, the applicant must have a power of representation to act on behalf of trademark owners or other legitimate stakeholders.
If this system is successful, ICANN will then consider adopting more permanent solutions such as the Standardized Access/Disclosure System (SSAD) recommended by the Generic Names Supporting Organization’s (GNSO) Expedited Policy Development Process (EPDP).
The RDRS User Experience
This low approval rate can be explained in particular by certain notable disparities observed between the different registrars. In addition, some registrars automatically deny trademark and intellectual property applications, for example by referring them to their own complaint and disclosure procedures.
Conclusion
Potential changes to the RDRS could significantly influence the way Internet domain data is managed, affecting registrars, applicants, and the Internet ecosystem as a whole.