How GDPR Will Alter the Manner in Which Database Information Is Acquired
WHOIS database has served as an important tool for corporations, governments, and common people to be able to see the ownership of a common domain name that exists. The database is operated by an organization known as ICAAN, which stands for Internet Corporation for Assigned Names and Numbers. The organization works as an institution that collects domain names from people around the world. The information is collected by the registrars who have to sign an agreement with this organization. This enables the ICAAN to collect the information that is needed to be able to keep their databases up to date and easy to search through. The information that is required is often concerning the name and technical information of the individual who bought the domain. Every registered domain tends to have certain technical information that is unique to them, which is also what the ICAAN aims to collect.
The Broad Spectrum of Domain Owners
There are of course exceptions to this, particularly those that buy domains from private service providers. In this, the domain name is registered under one broad name and is then sublet to those who are in need of a secure domain. This means that the ICAAN is not always able to get the most accurate kind of information that they would need to be able to have a completely accurate database.
The Prevalent Regulations
The ability to ask for domain information from the registrars comes from the GDRP regulations that have been placed, and these are now resulting in GDPR threats on security researchers. This is a set of regulations being imposed on companies and organizations within the EU. The regulations were imposed as a result of the increasing bulk of domains being purchased, and lack of regulation behind them. In the past, domain owners were often unaccounted for, thereby leading to problems concerning the ownership of certain domains. The ICAAN being initiated meant that there would be a regularized medium through which the information about domain owners could be collected and stored. This information could then be applied in a broader medium and offered to those who are in need of this information. The Parliamentary decision behind this regulation was with the aim of ensuring control across websites that are being accessed, and to strengthen the use of data among sites by those living in the EU.
The regulations are however now being challenged in courts, mainly because of the security threats that present themselves in this. Individuals with information can easily do so with the manner in which WHOIS database functions, which means that there is also a potential risk for domain owners. However, the current proceedings taking place in court may change the manner in which this information is accessed such as in the WHOIS database download.
The Court Verdict
As per the last court ruling, those who are on the lookout for certain information about a domain user will first have to get in touch with a registrar to be able to ask them for the information in question. The manner in which this needs to be performed has made way for GDPR threats on security researchers. The registrar is then in the power to provide this information to the concerned parties. Common individuals in search of this data will only get the very basic information that is publicly obtainable, and some technical information regarding the functionality of the site.