The group overseeing Internet addresses is scrambling to balance the privacy of website owners and the right to know who is behind online pages. The nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) began a weeklong meeting Monday focused on the fate of the public Whois database, which shows contact information for those who own websites. A General Data Protection Regulation (GDPR) set to take effect in the European Union on May 25 could make revealing personal information about website owners in Whois illegal. This week's ICANN meeting in Puerto Rico is the last before the GDPR deadline.
"We will try to find a path forward," ICANN global domains division president Akram Atallah told AFP in a telephone interview.
"There is a lot of work still to be done, but we are working as fast as possible."
While the GDPR backs the right of people to "be forgotten" online, it raises the question of whether to shield personally identifying information about website owners listed in a Whois directory created by ICANN for transparency. The GDPR applies to people, not organizations with fictitious names, but comes into play if individuals are somehow identified, according to ICANN. Problems arise, for example, if a company name or email address is the same as the person who owns it. If ICANN were to simply discontinue the Whois index in Europe that could create a haven for those from other parts of the world who want to hide which websites they own. ICANN's understanding is that Whois information can be published, as long as the nonprofit group can justify that doing so is in the public interest.
"We propose trying to keep as much of the policy we have unchanged while being in compliance with the law," Atallah said. ICANN is refining a plan to divide Whois into two tiers - one open to the public as is currently the case and a second that could be accessed as needed by police, researchers or others with legitimate queries. It remained to be determined whether journalists would get access, according to Atallah.