On 04/14/2018 07:29 PM, Florian Weimer wrote:
* Filip Hruska:

EURID (.eu) WHOIS already works on a basis that no information about the
registrant is available via standard WHOIS.
In order to get any useful information you have to go to
https://whois.eurid.eu and make a request there.

Seems like a reasonable solution.
Why?  How does the protocol matter?

Either you may publish individual personal information for use by the
general public, or you may not.  Adding a 4 to the port number doesn't
change that.

The EURID webwhois cannot be scraped, there are anti-bot measures in place (captcha, throttling, all information displayed in images). Scraping WHOIS systems for thousands domains at once using the WHOIS protocol is easy though. There are "WHOIS History" sites which scrape all domains and then publish the data along with the date of retrieval.

GDPR contains this in relation to the right to erasure:

1. Where the controller has made the personal data public and is
   obliged pursuant to paragraph 1 to erase the personal data, *the
   controller, taking account of available technology and the cost of
   implementation, shall take reasonable steps, including technical
   measures, to inform controllers which are processing the personal
   data that the data subject has requested the erasure* by such
   controllers of any links to, or*copy or replication of, those
   personal data*.

Controller is the TLD operator in this case, other controllers would be WHOIS scrapers. The problem here is the definition of "reasonable steps". Would doing nothing be reasonable? Or would the TLD operator need to somehow track all those scrapers and contact them?

IANAL, but I see a problem here.

Filip Hruska
Linux System Administrator

Reply via email to