Discussion of privacy laws and the transfer of personal data always accompany WHOIS discussions. Some policy discussions center on changing the WHOIS policy to restrict the amount of information available through the display of a WHOIS record. Many European nations, for example, have strict controls about how personal data moves across national borders. Registrars sponsoring a domain name might be in a different country from the registrant and from the registry that enters it into the zone file. WHOIS inquiries come from many different countries. Data flows globally. Laws change over time, and it may be difficult to identify how privacy laws apply to the flow of information and data across borders.
As a result, there is the possibility of conflicts between national laws and the terms and conditions applicable to WHOIS. Registrars and registries must abide by applicable law. ICANN has developed procedures for addressing issues where conflicts arise between compliance with ICANN policy and compliance with national laws. See the ICANN Procedure For Handling WHOIS Conflicts with Privacy Law for more information on ICANN’s current procedure.
However, concerns continue to be raised about WHOIS in light of these privacy laws by the EU Article 29 Working Party, an Independent EU Advisory Body on Data Protection and Privacy. For more information, review the correspondence:
The ICANN community is likely to explore these issues in the future through policy activities conducted by the GNSO. The Get Involved section of this site provides more information on how to participate in these policy discussions.