1awww as well as many other companies have been preparing for a long time for the new Data Protection basic Regulation (GDPR), but they cannot actually implement it completely!
Already in the year 1995, the States have laid down Directive 95/46/EC to establish uniform data protection laws in Europe. In 2016, the GDPR was adopted by regulation 2016/679 EU and this has been valid since 2016, but must be implemented by all EU-Statens to the 25.05.2018 binding and then applies to all!
The new data Protection basic regulation will better protect the personal data of natural persons in the future! These data include, for example, Name, first name, address, email address, telephone number, fax number, date of birth etc. and in connection of course any transaction data, such as Data from orders and profiles created by the use of the Internet and stored somewhere!
In addition, as usual, customers should be informed about compliance with the new GDPR and which data such as where is stored elsewhere!
Of the 28 member states, only 4 Member States have transposed the EU regulation into national legislation! Various companies are not even able to set the GDPR correctly, because there are no prerequisites that are still not regulated by dependence with other companies and organizations abroad! The EU regulation contradicts contracts and rules that have long existed with customers and cannot be changed unless the higher-level organisation has reorganised its own rules and conditions, otherwise millions of people will be subject to Either laws or treaties, already from the first day, violate!
CT has already reported several times about ICANN’s negotiations with the European Union! However, a consensus has not yet come to an end and one wants to meet again on the 23.05.2018 (2 days before the introduction of the GDPR) on this topic (… And maybe a few cups of coffee?) !
ICANN is the governing body of domain Registries, to which most domain Registries are connected worldwide, as well as the DENIC (domain registry for German domains), the NIC. At (Austrian domain registry), the. CH (Switzerland-Oh, yes Switzerland is not a member of the European Union anyway) and also the large Registries for generic top-level domains are connected, like e.g. For. com, .net,. ORG domains as well as all new top-level domains (NgTLD).
ICANN has concluded contracts with most domain Registries and this has been in part for many years and these are the domain Registries bound and also all registrars that register via the registry for customer domains and subordinate all Domain Resellers (reseller/Internet service provider). With the domain registry, all customers have also accepted the respective domain-contracts of the relevant domain-registry!
As a result of these contracts, the personal data of the registrants (domain owners) and administrators, the relevant technical contacts and billing contact data have been transmitted and this data has been collected in public whois directories for Available to everyone!
According. Articles, even the DENIC in Germany should have sent contact data of the domain holder to ICANN! Contractually regulated, with ICANN Lt. CT that this data is transmitted! However, this is in principle contrary to the new data protection basic regulation!
The ICANN regulations, in turn, stipulated that the WHOIS data had to be provided publicly available, but only for legitimate purposes, such as Checking the domain holder when moving the domain or other contractual questions or if necessary In case of legal problems! These conditions, however, were unjustifiably read and published by spammer farms and public directories from the public whois directories for years, and were then abused in particular by spam mails! Not only for this reason, the public directories that have unjustifiably published the WHOIS data have been a thorn in the eye for many!
We at 1awww have already in the past repeatedly written these public directories and asked to refrain from the unauthorised publication and have also in the latter time in particular referred to the new EU data protection laws, which Yes already in effect from 2016! We were also able to persuade various suppliers to delete this data and to put the further publication on! We had success at IPAdress.com, CuteStat.com, prozortehnologije.com and RegisteryDB.com!
In some directories we have also written the relevant domain and network providers and as it looks today, the directories we have written have discontinued these publications and also deleted them! However, some directories have not responded to the present day or have not been written by us, because it is not our job to “clean” the internet!
Our actions against unauthorised publications already took place in January and February 2018, but this was due to massive spam on mail addresses that were used for immediate registration of domains! However, we were able to achieve these findings only after we set up a new mail gateway at the beginning of the year, which allows us to evaluate the spam more accurately!
That is why we generally welcome the new Data Protection Act, because it also significantly limits the flood of spam, which already accounts for well over 90% of mail traffic, and in particular only on mail addresses that are published in the WHOIS directories. Were!
ICANN is an American organization that CT massively reluctant to put the privacy laws of Europe in order! The European data protection laws, however, also apply in America, when citizens of the EU are affected, due to the safe-Harbor agreement of 2000, that the Privacy Shield agreement was replaced by 2016!
While in the meantime, the WHOIS retrieval of some domain extensions has already been moved to the registrars, but still this data can be read for the most part by automatic scripts also by these registrars without limit, instead of the retrieval, for example Only through websites by natural persons and thus to make it more difficult, e.g. By using CAPTCHA queries or queries that require proof of the legitimate purpose!
The GDPR prohibits the disclosure and further publication of the WHOIS data, especially if the EU data protection laws are not complied with, because this is in particular personal data, which enjoy a legitimate need for protection! This applies even if domain customers have previously agreed to the storage and publication, which is governed by the existing domain contracts in general! The agreement and its consequences, but also for many domain customers, were not exactly recognizable! And ICANN has failed for years to monitor the self-imposed conditions for the use of WHOIS services and to prevent mass retrieval and mass spam!
If we now look at the fact that the implementation of the GDPR in all EU countries must have taken place until the 25.05.2018 and also the Registries, registrars etc. So that all data traffic can only be processed according to the new rights, we already see today that this implementation may not take place on time or that you have to think of something as a business to define this so that it first “fits”!
What traps will still come to website operators, we will write in the next blog articles! We have already made changes to the manufacturer for one of the most important components of one of our products.
Today the CT writes about the statement of the EU Commissioner v. RA Jourová that she wants to reduce the “panic”! However, no statement was made as to what she wants to do at the last moment! It is also clear, however, that some Dunning groups are already looking forward to the 25.05.2018 and therefore, such non-expressing statements are probably rather out of place, especially if today on the same day Google the statement that Google 500 man-years in the Preparation for the new GDPR have been used!
Let’s end the day today with the open question of how much man-years a smaller company now needs to really work according to the GDPR!