I found this on ICANN’s web site: “Recently, new global data privacy regulations such as the European Union's Global Data Protection Regulation have restricted the amount of public information that your Registrar needs to make available, to help protect the privacy of registrants.”
<https://www.icann.org/en/contracted-parties/consensus-policies/registration-data-reminder-policy/faqs-domain-name-registrant-contact-information-and-icanns-whois-data-reminder-policy-wdrp-25-02-2012-en> FAQs: Domain Name Registrant Contact Information and ICANN’s WHOIS Data Reminder Policy (WDRP)<https://www.icann.org/en/contracted-parties/consensus-policies/registration-data-reminder-policy/faqs-domain-name-registrant-contact-information-and-icanns-whois-data-reminder-policy-wdrp-25-02-2012-en> icann.org<https://www.icann.org/en/contracted-parties/consensus-policies/registration-data-reminder-policy/faqs-domain-name-registrant-contact-information-and-icanns-whois-data-reminder-policy-wdrp-25-02-2012-en> [favicon.ico]<https://www.icann.org/en/contracted-parties/consensus-policies/registration-data-reminder-policy/faqs-domain-name-registrant-contact-information-and-icanns-whois-data-reminder-policy-wdrp-25-02-2012-en> -mel via cell On Jul 19, 2025, at 9:16 AM, Jay Acuna via NANOG <nanog@lists.nanog.org> wrote: yeah, opting for less information to stay on the safe side is a likely outcome of GDPR. It's referred to as the 'Brussels Effect' , or 'California Effect'. When certain types of regulation apply in a very large market, most companies just apply those rules to their entire business operation, Businesses usually want to implement the same standards everywhere they operate, But they don't If the standard is economically detrimental to overcome inertia. California has something akin to the FTC's failed click to cancel rule, and there are websites which have the "easy" online cancel button only available to subscribers who claimed to be a resident of that state, and those in other states have the difficult cancel button. I would suggest here the GPDR is controlling only because of ICANN inaction and ICANN indecisiveness. It is entirely possible ICANN (if there was actually concern about preserving the WHOIS service) could have set a rule requiring full WHOIS contacts for all organizations and a registrant name and address including a physical address of the registrant and requiring a real person's name, address, phone, and fax for at least 1 contact of each type who is an person individually authorized by the domain owner and not a forwarding address, presented in every WHOIS listing, and verified by the registrar calling the number and obtaining consent, and posting a physical letter, and obtaining consent, and sending an email, and obtaining consent. And registrars not able to enforce those requirements on every domain that appears purported to be the domain of a company or business; due to being within GPDR jurisdiction would no longer be able to remain accredited registrars. Possibly requiring anyone in the EU wishing to register a domain to leave their jurisdiction and conduct business with an overseas registrar able to run a WHOIS service not subject to the EU's local rules. -- -JA _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/JJFWC7L24MF6J7OKK4ZNRRA3JSOQMJNY/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/7HIUUVNKS22OP6Q3VQFEHYMPLCZIS24N/
