Privacy Policy Cookie Policy

GDPR, the end of the WhoIs & what this means to you – with Attorneys Stevan Lieberman, Ari Goldberger & Jason Schaeffer

Domain Name Expert Answers to Your Domain Name QuestionsIn the Sherpa Legal Review, we meet with attorneys who specialize in domain names and ask for their thoughts or opinions on matters affecting domain investors. This episode we are looking at the new GDPR regulation which goes into effect May 25, 2018, and how that will affect the domain industry.

Please note that there is no legal guidance (yet) on GDPR. The issue facing the Domain Industry is a perfect storm of ICANN consensus policy malaise and lack of guidance, coupled with insufficient time to prepare. If you’re invested in domain names and you want to lower your risks or understand strategies for the future, pay attention to these 3 experienced domain name attorneys!

Last month’s ICANN61 meeting has been described as a couple of days of discussion without real movement and no definitive action. The usual suspects were pushing for data access, and unfortunately, Domain Investors were conspicuously absent from any discussion/proposal.

As the May 25th deadline for GDPR implementation approaches, the industry will lose access to WhoIs data as we know it and there will be many months of “growing pains” as Registrars and Registries scramble to figure out how to comply with the EU* GDPR.

This will impact brokers, escrow, investors and lawyers.  In the interim, ICANN has asked or is asking the EU for an extension for the industry to work out a solution. In the end, investors are most likely going to be left out and not have access.

*Just because this is an EU regulation, it applies to anything accessible in the EU, such as any website.

Interview (52:52): Watch | Listen/Download Audio | Sponsors | Read Transcript

Your DomainSherpa Interview

Playback Speed:
This interview is promoted through a media partnership with

Thank the Sherpas via Twitter

(Don’t have Twitter? Post a comment of thanks or share on Facebook.)

Your DomainSherpa Interview, Audio Only

Download Domain Name Interview in MP3

Note: Adobe Flash Player (version 9 or above) is required to play this audio clip. You also need to have JavaScript enabled in your browser. Or, listen on iTunes or in your favorite podcast app (here are the feeds).

Or, grab a feed for your podcast app, listen via Stitcher or listen on iTunes.

Stevan Lieberman

Meet Stevan Lieberman of Greenberg & Lieberman (@StevanLieberman), a Washington D.C. based attorney who spends most of his professional time focused on prosecution (applying for Patents, Trademarks & Copyrights), litigation in intellectual property law, especially domain name / Internet law and Internet Technologies and contractual issues. He has also been instrumental in other aspects of the domain name industry; including both registrar & registry setup and management, foreign corporation setup, participation in the Internet Commerce Association and more.

Meet Ari Goldberger of (@ESQwire), In 1994, Ari came up with a concept to create an online Internet law firm which he called ESQwire, and registered the domain name In one of the earliest domain name disputes, the Hearst Corporation, publisher of Esquire magazine sued Ari in federal court. Ultimately the case settled, with Ari retaining the domain name, the case received substantial coverage on the Internet. Today, ESQwire has become a leader in Domain Law. Ari has handled hundreds of domain name transactions and has litigated domain name disputes in Federal courts and under the Uniform Domain Name Dispute Resolution Policy (the “UDRP”).

Meet Jason Schaeffer, (@MrGTLD), who specializes in Internet Law, Domain Name & gTLD Counsel – Protecting Domain Assets, helping Applicants navigate the new gTLD process, Registry/Registrar and ICANN Policy discussions, and Reverse Domain Hijacking Decisions (RDNH). Jason is also the co-founder of , an annual digital branding conference in NYC.


Have a generic question after watching this episode? Leave a response.

Interview Raw (Non-Edited) Transcript

Download/Read the Domain Name Interview Transcript in PDF FormatInterview Transcript in PDF Format (Right-click to Save As…) [View in Google Docs]

Watch the full video at:

Tess: On today’s Sherpa review, we bring in three esteemed attorneys to discuss a legal review. We talk about contracts, the best way to set up a sale or acquisition contract to ensure, you know, no problems going forward. We also discuss some interesting trivia such as first UDRPs, Steve Jobs, and the GoDaddy’s creation of Domains by Proxy. But most importantly, we talk about the privacy and General Data Protection Regulation called GDPR, which goes into effect on May 25th, and effectively ends our access to the WHOIS database. What this means to you and what we’re going to do about it as an industry is discussed in general and as well as some unintended repercussions for domain fast security and more. All these on today’s show. Enjoy.

Hey, Sherpa network. Thanks so much for joining us today. I’m Tess Diaz, Executive Producer of, and this is the DomainSherpa Legal Review. This is a show where we get into the minds of successful domain name attorneys using real examples so we can learn strategies and tactics to become smarter investors ourselves. We’ll discuss or debate a focus topic. Joining us today on the DomainSherpa Legal Review are three phenomenal Sherpas and industry thought leaders. With us on Sherpas today, we have Ari Goldberger and Jason Schaeffer of and Stevan Lieberman of Greenberg & Lieberman.
Also joining us with his domain investor Q&A is Andrew Rosener, CEO of Media Options. Sherpas, welcome to today’s show.

Jason: Hi.

Andrew: Great to be here as always. Great to have you guys all on the show today.

Jason: Good to see you too, guys.

Tess: Yeah. This is a great treat to have. You know we’ve never done a big legal review, and I think this is gonna be really exciting to start. I’m gonna tell you about the sponsors for today’s show who support us on our mission to educate people in the domain name industry.
First, serious about online trading, secure your funds, keep your merchandise safe, and use a company that keeps the buyer and seller protected the whole way through, that’s, payments you can trust.
All right. In the investors submitted Q&A, we take user’s submitted domain legal questions and provide honest and constructive feedback to the owners so they can make responsible choices with their domain portfolio. Today’s question follows, oftentimes when domain investors are trying to buy a domain either from another investor or end user, a price may be agreed upon in email or over the phone, only for the owner to change his mind later about selling the domain at all or increasing the price. Today, we’re looking for some insights from our legal Sherpas. Ari, what remedies do domain investors have in such cases?

Ari: Well, you know, first of all, it’s important to just determine whether or not there’s a contract in the first place and whether you have a remedy of going to court, which, you know, you ultimately do if there’s an agreement. You mentioned a conversation over the telephone. So in order for there to be a contract, there must be an offer, an acceptance, and consideration. Those three things. Consideration is the bargain for exchange, the this for that. In the case for domain, it would be the domain name for a certain amount of money. That’s the consideration.
The offer, I call up a domain or say a potential buyer calls up a seller, “Hey, I see you have this domain name. Would you like to sell it?” The seller says, “Sure. I’ll sell it to you for $10,000.” The buyer says, “I’ll do that. We have a deal.” Essentially, that’s a contract. The question is whether or not that contract is enforceable. And you have a difficult time enforcing that contract in court if the buyer or the seller backed out. And the reason is that you don’t have it reduced to some form of writing. It violates something known as the Statute of Frauds under U.S. Commercial Law. Contracts for the sale of goods over $500 must be in writing.
Now the domain is not necessarily good depending on where you are, but the bottom line is you’re not going to win if you don’t have a signed contract because it’s a he said, she said. He said he would sell it to me and the person that backs out perhaps is gonna lie and say, “No, no, I never agreed to that.” You can’t prove it. Imagine the flood in the court rooms if anybody could just go and say, “Well, he promised to sell me that,” or not. You need to have something in writing.
So is an email good enough? A potential buyer emails the domain owner and ask domain name for sale, domain owner says, “Yes.” The buyer asks, “How much?” The owner says, “I’ll sell it to you for $10,000.” The buyer emails back, “I accept. I’m gonna pay you this amount of money. I’m gonna pay you tomorrow. I’m going to do this, that, and the other.” There can’t be a lot of important details left out. If the important details are left out, it’s hard to argue there was a contract. “Yeah, I said I’d buy it from him but I also told him I had to see if I can get the money together,” or, “We didn’t talk about whether or not I had to pay it all upfront or whether I had to pay it all over time,” etc. So really what’s…

Jason: A lot of times what happens is they do that, they qualify it. “Oh, I have to go back and talk to someone. Well, the decision maker.” That’s not an agreement.

Ari: Right.

Tess: So if as an owner, if I’m responding to an offer, it might more helpful if I were to say, you know, I counter offer or I name the price, but then I say, “Let’s do this via,” or just via…

Stevan: No, no, no, Escrow.Domains.

Tess: Okay. And then you say, “Does that work for you?”

Ari: So here is the deal. Here’s the kind of catch 22. Because buyers and sellers often back out of deals especially of the deals happens real quick, Andrew. Does enough. This deal is always. We’ve always done it. “Oh, my God, do I accept?” Like, “No, they got more money,” or, “I probably paid too much for it.” And then they back out and they try to renegotiate. So if you haven’t…yeah.

Jason: Andrew doesn’t do that.

Ari: Yeah.

Jason: He never does that.

Ari: Never.

Tess: No pressure, guys to renegotiate with Drew.

Jason: You’re in. Locked down.

Andrew: The wrath of hell will come down upon you.

Tess: Everybody leaves Drew happy.

Ari: So if you are the person who wants to enforce this deal, you wanna have that email exchange to be as concrete as possible. And then if you say, “Well, let’s do it via,” and then the guy says, “Well, it doesn’t do it.”

Stevan: Escrow.Domains, Ari. Escrow.Domains, come on. Get it right.

Ari: Okay.

Stevan: You know, the other thing you should remember is that…and writing is any type of writing. You know, it doesn’t have to be via email. It doesn’t have to be on paper. It could be a bunch of I am’s going back and forth as well, as long as you have all of the elements that Ari pointed out. You know, the offer, the acceptance, consideration, you know, the amount, etc.

Ari: Here’s what I suggest, if you want to have those details. As a buyer, I want the seller, the one I represent that there’s no claims against this domain name, that this person owns it. It’s not like subject to a divorce. You know, there’s a lot of things that you want. You want to know he has a right to sell it and you want to issue a contract. However, if you’re worried that a party, say the seller is gonna back out of the deal, you don’t wanna send an email saying, “Okay, I accept your offer. We have a deal. Now I’m gonna send you a contract.” Now the contract is gonna have different terms.
So the person says, “You know what, we didn’t agree to all the terms in there,” so I think the best way of doing this, you lock an offer acceptance down in the email. You have an agreement. And then you send a follow-up email saying, “Attached is a written document which memorializes the terms of our agreement.” So you already have the agreement. Get them to sign it. If they don’t sign that agreement, it’s tough. If you go to court, you can hire a lawyer. You can spend a lot of money. You have to decide whether or not it’s worth it because as the seller, you’re not gonna be able to force someone to buy a domain name. You gonna just be able to get damages. You know, what are your damages?

Jason: [inaudible 00:09:01]

Andrew: So I’m more concerned as…I mean, as a seller, this happens to us often, right? Whether we’re the broker or the actual seller, it happens a lot. For whatever reason, last year was a particularly bad year where really a quite percentage of deals that would get to the finish line would then fall apart because the buyer would back out. But my main concern, and I think the emphasis on the question at hand is about as a buyer. And so I’m dealing with a situation right now where we have…it took months to track down the owner of [SP].
We agreed to basically all of the terms over the phone. I actually had a representative go and meet the person in person, and they shook hands and made the deal. But now I’ve got a witness to the deal, right, and then maybe, and then we’ve got emails exchanged back and forth which even though they don’t weigh out like boom, boom, boom, “Here’s the bullet points of the deal and I agree, I agree.” It’s a reinforcement to the agreement that’s been made over the phone. We’re buying the domain name from an agency and that agency was acquired by a much large company. And so the agency, the Chief Operating Officer has made a deal. I mean, as far as…I’ve been doing this a long time. I mean, this is as locked in as it could from my standpoint with the COO of this company.
We’re at the finish line, you know, ready to wire the money. I have agreed to just no use any escrow and wire the money directly to them because they are large enough company that I don’t think they’re gonna, you know, run away with my money. Now they have run up the chain for the signal seal of approval which was never stated. They never stated that they needed further approval. There was never any discussion whatsoever about needing approval from anybody else and my deal was made with the Chief Operating Officer of the company. This is an officer of the company. Now I would assume that…

Tess: Did you mean it got acquired in the middle of your deal?

Andrew: No, no, no. They were acquired years ago. But the point is just there’s a…

Stevan: What you’re talking about is real and apparent authority. As an officer he’s real authority to you whether you knew he was not he was saying I’m the CO, therefore he has apparent authority to do it. If he didn’t say it needed to be approved, then it probably it really doesn’t need to be approved. The hard part is going into court and is the cost benefit analysis of whether it’s worth filing suit at that point. Which is why I would suggest that every time you go through and you’re actually going through negotiations, you say, “Well, if there’s any issues,” and you put it in writing, “I’d like this to go to arbitration,” and try and do limited arbitration.

Andrew: What’s interesting here is that I basically followed what Ari mentioned before, which is we’ve come to this agreement. It’s pretty holistic. We’ve talked about the terms, timing, price, you know, basically all of the major deals points have been discussed, been agreed upon, and then I’ve gone and sent them a contract and saying, “Okay, I’d like to memorialize this deal in a contract,” and I expressly say that, “Because I’m gonna be wiring you the money directly without any intermediary escrow, I’d like to just memorialize this in a formal document.” And so I’ve sent that to them. And at that point, they said, “Well, this contract would need to be signed by our parent company,” right? So parent company says, “No deal. We don’t wanna sell that domain name. We think it’s worth more.” Now I do wanna note and this is not a low-ball offer. And this is like I’m paying double what I believe the wholesale price of this domain would be, but it suits a very specific purpose which is why we’re overpaying for it.

Jason: Andrew, in this discussion you’re bringing up facts, the relevant facts. You’re going way beyond. We were discussing it’s…we did exactly what we were supposed to. Because imagine if you didn’t do that and then you wired the money and then money is gone, of course you have to protect yourself. You brought up a point that you relied on, right? You sent an agent, a representative there, so you have a with that. You went and visited the company. So you’re in a very different position than the typical party. If you wanted to go through the expense and articulate this and file a complaint, you could and you could convince the court of all these elements and establish that in fact there was a contract. Again, it gets back to what Stevan said on whether that agent had authority to act but you have establish these elements. But you are in a very different class than a typical party.

Andrew: But this is what I wanna flush out through this discussion is some of these points. So, first of all, I was dealing with an officer of the company. So I would perceive him to have full authority to make a deal with me. Is there a consequence to that by law? Like if somebody has the title of Chief Operating Officer, isn’t it construed that they have authority to make decisions and enter into contracts?
Stevan: If they present themselves as being an officer then they have apparent authority. If they actually are an officer, then they have real authority. And now the other thing about this to remember is that this goes back to jurisdiction again, the rules pertaining to authority and corporate law are different from state to state. So the question is where can you actually file a suit. You can certainly file a suit where they’re incorporated. You can certainly file a suit where the main base of business is or where they can reasonably expect to be sued, but the question is could you actually sue them where you are?

Ari: If [inaudible 00:15:06] were made to where Andrew was at, if they understood, knew where he was at, I guess it’s a possible argument to me. You know, what’s interesting is when you said that you were just gonna wire the money directly to them, had the guy given you the wire instructions and had you wired the money? That would evidence. You know, the writing doesn’t have to have all the terms. It has to prove…

Stevan: Good point, Ari.

Ari: Yeah. I mean, that would the argument. But the bottom line is if you think that you’re right and you think that the morals and that, you know, this guy really believed that he was selling and you had all these terms, you sue them in court and see how they react. They may say, “You know what? We don’t wanna spend money on lawyers. This isn’t good for us. Maybe we should just do the deal.” And then what’s gonna happen is the lawyers are gonna get on the phone and they’re gonna try and settle it, and maybe you’ll come out with a good situation.
So if you really, really desperately want this domain name and it was really, really a good deal and the facts…and you would need to see those emails to understand this is exactly what went back and forth. You may make the decision that, “Yeah, it’s worth the hassle even though I may only have a 30% chance of winning, maybe we’ll settle and we’ll work something out because these guys screwed me. I was dealing with the CO of the company. I worked months. I had all these expenses.” So it’s a possibility and it all depends on how much it’s worth whether you do that case.
We had a case back in…God, it was like 2001 where we bought for a really nice price. You know, we were going at this guys for the longest time and they just backed out and we had a signed contract. We went to court, they argued through the fences that there was another partner, that they didn’t have the right authority…” blah, blah, blah. We ended up settling and they gave us for free which is nice. So you never know what might come out of it, but, you know, you’re not gonna…unless you have a real legitimate case, no lawyer is gonna take the case to file it because then you’re gonna be subject to sanctions. It’s be interesting to see where you’ll file this action. If you file it, the jurisdiction can be convenient to you and inconvenient the others. You know, they may be more willing.

Andrew: So that’s a perfect segue to my next question that I wanted to flush out is how does jurisdiction play into this? Which is, you know, ties in our original discussion. So this particular company is in Germany. We’re based in Panama, but the buyer on the contract which is a sister company of ours…are you guys having a hard time hearing?

Ari: I missed the last two things you said, Andrew. Can you repeat that?

Andrew: So the seller is in Germany and we’re in Panama and the buyer on the contract which is one of our, you know, sister company is in Gibraltar, and it’s a dotcom domain name. And so the question is where could I file a suit and do I have a choice, you know?

Stevan: That takes actually a little bit investigation. Obviously you can file a suit in Germany. There’s no question about that one. It’s unlikely you could file a suit in Panama because what sort of contacts would they actually have in Panama. But if they’re a big company, they may actually have contacts whether they’re doing sales. I mean, I don’t know what this company does in the United States or…

Andrew: They definitely have a lot of business in the United States. A lot, a lot.

Stevan. Right. What we’re talking about here is personal jurisdiction. And personal jurisdiction comes down to where the company can expect to be sued. Now one of the problems with jurisdiction is even if you can get jurisdiction over someone staying in the United States and it’s a German company, you’re gonna have to still have to serve them. And we are treating you…

Tess: The same guy who did the handshake can serve them.

Stevan: Yeah, maybe not. And only if you can get them to…and someone who is reasonable to serve like an officer of the company to come into that location. I mean, I believe there’s an old case, I don’t remember the name, where somebody served somebody while they were on a plane flying over the appropriate state.

Andrew: No way.

Stevan: Yeah, absolutely.

Tess: Okay. You need to find that. Was it about a domain?
Stevan: I don’t believe it was about a domain name at all. That’s really not the point. Jurisdiction and service of process are necessary in every single case because, you know, you can’t go against the lawsuit unless you’re at least trying to notify somebody about what’s going on.

Tess: That’s wild.

Andrew: I guess to brew down my question is, you know, would I have a valid complain to file in Virginia where…because ultimately if I can…

Stevan: No.

Andrew: No?

Stevan: No. Not based upon the facts that we have so far because the basis that we file in Virginia is in rem. Or we’re filing against the thing itself. And that’s under something that’s called the ACPA. The ACPA says you can file in rem when you can’t find the other person. But in this case you absolutely can find the other person. You know where they are. Just because they are in place that you don’t like, doesn’t get you past that element of the ACPA.

Tess: Okay. Sorry…

Andrew: So one last question. Let me ask one last question. Let’s just assume that I had sent this guy the contract and he had signed and in that contract, I laid out that I selected jurisdiction to be the Eastern District of Virginia and he signs a contract and I have the contract. Neither of us have any reason to that jurisdiction there, but we’ve chosen jurisdiction in Virginia. Is that now valid?

Stevan: Yes.

Andrew: Ari, you’re shaking your head.

Ari: Yeah, yeah. It’s interesting. It’s interesting that two parties can agree to a place of jurisdiction that neither of them have any contacts with, just by merely including it in the contract. That’s interesting.

Andrew: But what is your opinion?

Ari: You can agree to an area of jurisdiction. I think that that would work, that the party could be sued for bridge of contract. It’s raises interesting public policy issues, doesn’t it, Jason? If you can go on with, you know, if everybody want…for example, let’s just say that California is really, really a great place to enforce a contract on domains, but I live in Philadelphia and the other party lives in Panama and we can just choose California. I think the court could reject the case, not on jurisdiction grounds but on venue, right, if it’s transferred on its on condition.

Stevan: Not if you put in to the contract. I mean, this is standard forum shopping. It’s why we have so many bankruptcy cases down in Texas. I mean, people do forum shopping all the time and people negotiate jurisdiction in venue inside of contracts on a regular basis. All the parties agree, they all agree. Sort of the end of investors.

Jason: No, they can, Andrew. You’re talking about a situation where you’re now already performing under the contract. Not this situation where it was breached. It was two signed contract. You’re trying to enforce it. You know, getting to what the Sherpas are getting to, they’re probably not gonna be in that position or very few would.

Andrew: Yeah.

Jason: We already have a contract that’s been established and now you’re forcing it in that way. But the other thing not to forget and it’s important for the Sherpas to remember is all this is great. You can hire attorneys, file a suit, win the case. What are you damages? And that’s really the key. And if you get a monetary judgment against them or you get specific performance, which is very difficult but you can, you have to enforce a judgment. So if you’re enforcing a monetary judgment and they’re somewhere far away. They don’t have any contact with the United States or you, you have to enforce and go to that jurisdiction and enforce the judgment against them. That’s another step in the process. You have to think about whether to go forward with it.

Tess: Okay. This is really fascinating and I think in particular this gives us a great insight for the Sherpa network on how to set things up. Drew, you set it up well, now you have that difficult decision making process of what to do about it. We’re gonna move on to our focus topic on GDPR. Before we do, I’ll tell you about our sponsors who support us in our educational mission.
Finally, you are domain name investor, don’t you have unique legal needs that require a domain name technical knowhow and the industry experience? That’s why you need Stevan Lieberman of Greenberg & Lieberman, or Jason Schaeffer of Go search for Jason Schaeffer or Stevan Lieberman on DomainSherpa. Watch their interviews and you can see for yourself that they can clearly explain issues, can help you with buy/sell agreements, deal with website content issues and UDRP actions, and even help you write your website terms and conditions. Stevan Lieberman and Jason Schaeffer are the lawyers to call for internet legal issues. See for yourself at or
So now we’re ready to discuss something that is going into effect May 30th that really a lot of people are concerned about and not sure quite how it will affect us. So the Privacy and General Data Protection Regulation, GDPR, it comes from the European Union and some of their privacy laws. And then as we look at that, we also know domain theft has been on the rise, and we’re worried it might get worse with the GDPR repercussions. And so we wanna get in-depth with our legal Sherpas today on how GDPR will impact investors, what investors can do to prevent theft, and what recourse they have if theft occurs. Let’s try to keep this pretty high level, especially because we don’t know a lot of what’s gonna happen. But Jason, could you first just briefly summarize what GDPR is and what the biggest impact or concerns for domain investors you foresee from its rollout.

Jason: Sure. Thanks, Tess. GDPR, and it’s actually good that we’re doing this today. Today as we’re filming, Mark Zuckerberg is testifying before Congress on the Facebook privacy issues. So, you know, what everybody has to remember with GDPR is in the domain where we’re hearing about GDPR and its impact on who is. GDPR is much broader than that. You know, the European Union put this together to protect privacy rights of individuals. And the GDPR specifies that you, and Drew, and me and everyone has a privacy right to privacy. And how that data, that personally identifiable data is then used by a company. So Facebook is subject to GDPR in Europe and not necessarily the United States. That’s not what we’re talking about here. What we’re talking about in the DomainSherpa world is, “Wow, wait a second. ICANN now has problem when its hand.” Registries and registrars are both subject to the GDPR when they’re doing business in Europe, and most of them do.

Tess: So the WHOIS database that in the past has been required to publicly show people’s info, now in Europe, that’s a problem and…right?

Jason: And it’s not just limited to that. So if I’m dealing with an European party, the person, individual in Europe, and I take their information and I publicize it, I may be in violation of the GDPR, and that’s a problem. So what ICANN and our community has been trying to deal with for the past two years is to figure out what do we do with respect to WHOIS. Now I can tell you safely that on May 25th, after May 25th public access to WHOIS and as we know it as the main investor is gonna change. We know that’s gonna happen. How we deal with that is really what’s up in the air.
You know, there were some proposals that we’re going to have a different way of recording domain registrations and will have an accreditation system where certain parties will be allowed to get access. Some of the parties that you should have access or want access will be law enforcement. You know, people looking policing for counterfeit goods and harm. Attorneys like us, we would hopefully have access as IP attorneys to do certain things. But the days of, Drew and Ari and me and Steve and you getting online and typing in and just drawing out a WHOIS query, that’s probably gone.
And I think as a domain investor, it’s going to impact them in the sense of now you’re not gonna be able to get that access. Right now, domain investors are not really included in the potential groups that would have access. It’s gonna be very hard to articulate a legitimate purpose or interest for domain investors, general domain investor to have this access. Because remember, you have to balance the…it’s not about the data. It’s about the privacy right of the individual. So we have to come up with a new system to help address this and deal with this.

Tess: So, first of all, I think I just said May 30th. So just to be clear, it’s May 25th is the day of implementation. And basically, WHOIS, like is this not chicken little, but WHOIS is basically to the common user WHOIS is dead on May 25th.

Jason: Well, basically we’ve got a lot of registries and registrars taking unilateral action. And with ICANN not having yet come up with a proposal that works. Now they’ve been working on this and they have many interim plans, but nothing has been said or would lead us to what would be effective and what would protect. Because what’s really at issue here is these companies are subject to massive penalties, somewhere if you’ve got the €20 million or 4% of your gross earnings. So you’re not gonna take this lightly as an in tap [SP], they’re not [inaudible 00:29:09]. And that’s what’s at stake. So registry, like when we look at affiliates, I think last week affiliates came up with a statement that we were only going to reveal very light amount of information on registrations.
They’ve since backtrack from what their proposal was and I think and part of because of Goran Marby’s letter to the EU. The CEO of ICANN wrote to the EU asking for a reprieve. Basically what’s on the table is that we’re hoping that the EU says ICANN and the registry registrar will have a temporary reprieve from the GDPR until we’re able to figure out how to effectively deal with this issue. So whether that happens, I highly doubt it’s gonna happen by May 25th, but I guess it could. So you’re gonna see different companies handling it differently in the interim.

Stevan: At [inadible 00:29:59] we’re planning on rolling out our changes for GDPR on the exact same day because if we implemented prior to, we’d be in violation with current laws. And if we don’t implement them on that day, then we’d be in violation of the GDPR. So it’s sort of strange balancing acts that almost no matter what gonna be in violation to something. In this case we’re clearly gonna be in violation of ICANN WHOIS because they have change that either.

Tess: All I can think is thank God I don’t work at registrar anymore because I would try to take May 25th off. So I’m worried kind of for Media Options then as a broker, how are we gonna be able to…you know, I mean we’re research the hell out of the people and who they bought…you know, what they buy, who they are. I mean, I’ll never forget the time. I talked to a guy I was trying to buy a domain from and he told me his daughter who he was gonna that weekend was having her second baby. And to myself I’m like, “I know, because I already researched all of that about you.”

Jason: Well, Tess, you just said…think about that a second. If…

Tess: Yeah. That’s creepy.

Andrew: That’s right. That’s private information that you were able to figure out from WHOIS. So that’s exactly what the law is going towards to say, “Is it appropriate to have access to this and how do we manage that?” Because you as a company investigating someone, there’s balancing of factors that you have to figure out and the EU is coming down saying, again, they didn’t draft this with the eye towards WHOIS. This was not on their radar. But it is about keeping people safe. And there are arguments within ICANN and the community, Non-Commercial Stakeholders Group brought up a very important point in their comments yesterday or the day before about protecting the rights of religious minorities, or people who are oppressed, or people who are buying domain names for political purposes. And they don’t want that information getting out there because they’re in danger. Maybe not necessarily the United States, but elsewhere that’s a real issue.

Andrew: Go ahead, Ari.

Ari: The problem is that although this is intended to protect the privacy of individuals, it actually has some negative impacts on individuals. Individuals who are the main sellers want people to be able contact them. And I’ll give you another example. Somebody runs a plumbing business and their domain name is Joe’ And they wake up one morning and they realize they’re not getting any emails because somebody stole their domain name. And the person who owns the domain name wants to do a WHOIS and they can’t find out who has their domain name. Now they can ultimately go to the authorities and file an action or do whatever they need to do. Maybe ultimately get access to the domain name. But in the meantime, Mrs. McGillicuddy is having [inaudible 00:32:57], right? So there’s a lot of problems.

Stevan: It’s also an issue for us at Escrow, same thing that we wanna know who are we dealing with, and we have requirements to know who we’re dealing with in the process. And it’s almost impossible to check without WHOIS at least initially.

Tess: So there’s gonna be a real impact on due diligence and domain security. Now, I mean, in general, we’ve seen a trend that domain theft is on the rise. Do you think that’s going to increase because of this?

Andrew: So let me just comment. So a big part of our job is…on both sides, whether we’re selling or buying. But a lot of our business is getting a higher buy companies or individuals that want us to help them acquire a domain name. And in many cases it’s because the owner is hard to find. Maybe it’s a bad email, a bad phone number, but WHOIS information, maybe it’s under privacy. And the only way that we’re able to do our job is by doing WHOIS research, historical WHOIS records. And then on the sales side or on the buy side, a big part of what we’re trying to do, you know, as our value add to a transaction is due diligence.
It’s understanding the chain of custody for a domain name, understanding that we are negotiating with and dealing with the proper owner of a domain name, and verifying that once a domain transfers and it’s been transferred to the right party. As Stevan was alluding to from escrow standpoint and the responsibility of an escrow agent to, you know, verify who they’re dealing with and the proper parties are sending, receiving the goods or service. And this will, for all intents and purposes eliminate our ability to do any of that. And so I’m very concerned about what that will mean for our business as well as, you know, the ability for us to verify that we are acquiring a domain name from the bonafide owner, and that the chain of custody is clean and clear.

Stevan: You know, we have the requirement as attorneys to know our clients. And what this is basically gonna do is gonna force us to ask for more information from people to get them to prove who they are and show their ownership through other means. For instance, renewals of the domains names. Things of that sort and/or signing separate contracts to allow us access to the underlying WHOIS information to speak directly to the registrar. Things of that sort.

Jason: You know, I think, Tess, you said it, don’t win on the chicken little. I think you’ve mentioned that. You know, the world isn’t gonna end on May 25th. We will be able to figure out how to deal with this. It just won’t be the same way as you’ve done it from the past 10 years. And that we’re gonna be in a new world. We have to balance the equities of what’s happening. And there will be other solutions to the issues. You know, you don’t have to articulate a legitimate interest for that data and how you’re gonna use it, right, Drew? So, yes. I don’t think you’re gonna be able to do the same type of, you know, at midnight just type in a query and figure it out and just [inaudible 00:36:28] reverse lookup like you used to. No. But you will have that ability. We’ll have to roll them out over the next six months to a year, and that’s what ICANN is struggling with is how to do that. But we will come up with solutions. We always do, and it will just be a different way of dealing with it. So you’ll have to use, you know, different methods.

Andrew: One thing that is interesting, you know, there will be a positive impact on somebody is marketplaces. I think that when people have lost the ability to look up the owner of a domain name and contact them directly, they will now be left with no other choice than to come through a marketplace such as Afternic or Sedo where, you know, they can get access to a domain owner. And so that probably is gonna be a sort of undesired…well, it depends on which side of the fence you’re on, but it will be on…you know, what’s the word?

Jason: Unintended consequence.

Andrew: Unintended consequence.

Ari: Yeah. I think that registries are gonna have a lot more power now as well. If a person can’t do WHOIS, they’re gonna contact GoDaddy and then GoDaddy has the information to contact that person. And, you know, I’m wondering whether or not registrars might see this as a boon and not necessarily…

Andrew: Absolutely.

Ari: Sure. And the registries have a lot of influence on ICANN.

Jason: The issue though is how you deal with it. Let’s just take the registry example. As a registrar GoDaddy, registrar. As a registrar, you need to now manage that data in a responsible manner. And, you know, how you handle that is going to dictate whether or not a DPA or anybody in Europe is gonna say you’re in violation. But, you know, with this comes with a lot of opportunity. And we’re just moving into a new phase of the industry. But, yeah, there are big changes and it’s gonna change things. So getting back to Tess’ question, I think you were asking domain theft, right, and how this impacts domain theft. Well, obviously if you can’t identify who has the domain name, who has ownership, it really curtails your ability to do that. But in this case, an attorney would be able to do, right? You will be able to say, “I’m now filing an action. I’m able to take steps. I’m gonna be able to have access for this specific purpose.”

Stevan: It might actually make it a little bit easier from their point of view doing domain theft cases because by definition we won’t be able to know who the person is that has the domain anymore. So we will fall onto the ACPA no matter what.

Ari: Rem actions, huh? What do you think?

Stevan:Yeah, No.

Tess: So…oh, go head.

Andrew: In contrast though, it’s interesting, we’re gonna see how the cards fall. But it may make domain theft more difficult because if you don’t…the way that most of these domain thefts happen is by email hijacking, right? And so if you don’t know what the email is on the domain name, how do you go about hijacking that email and take control of an account or domain itself? Two points I’ll make is after May 25th when WHOIS goes dark, update, change your email address on all domain names, and nobody is gonna be able to steal them because they won’t be able to find out what the domain is, right? So if the historical email is no longer the current email, nobody will be able to know who the administrator’s email address on that account is and nobody will be able to steal it or access it or anything.

Tess: That’s brilliant.

Ari: I’m knocking on wood because I don’t wanna underestimate the hackers out there.

Tess: And if you wanna sell your domains, you better keep that old thing, email active or put a site up…

Andrew: Exactly. You need to put up a site. You need to put up a landing page or you need to have something on the landing page that gives people the owner to access you, because otherwise you are going to be beholden to a Sedo and then Afternic and your registrar. Because really marketplaces using registrars will be the only access point that people will have to get a domain owner. Now luckily like we’ve been in business long enough and we’ve inquired on so many domains that we have a database of our own of domain ownership going back, you know, on virtually every valuable domain name out there, right?
So we will still have some gateway and access to owners, but it will become over time. It will become stale unless, you know, a new system is developed. You know, ultimately, I think we need a proxy system. I think we just need some of form of proxy system whereby like a domain’s proxy where I can’t publicly see your information, but I can still get to you directly if [inaudible 00:41:29].

Jason: That’s gonna happen. There’s gonna be ways to reach the domain. Okay? You know, you’re not gonna suddenly be in this black box where nobody is gonna be able to communicate again. But you may not be able to see who they are or where they live or who…you know, make that personal connection to who they are. But, yes, there are talks about how to do it. I think the most popular method that probably will take place is you’re gonna have gate keepers, right? Where you’ll have accreditation processes where you’ll be accredited to get access to information. But that’s not the easiest answer either because as the accredited provided to get access, you’ll still be gonna be liable for GDPR violation, so you better watch out. If you gonna go take that info, you better keep it. You have to keep that private yourself. You don’t want to open yourself up to liability.

Ari: You have to keep it very private.

Jason: So it’s not a bad thing. It’s actually a good thing.

Tess: I like that.

Ari: He’s keeping it private. He’s not sharing our database.

Jason: It’s not about that. We’re just moving into a new era and we have to deal with it. As a community we have to figure out ways for it and we’re doing and when things will change. But I think for the people watching today, that really haven’t followed it closely, they need to know that things are gonna change dramatically in the near tear and you’ll just have to get through it over the next six months to a year.

Tess: Yeah. I have a story, a comment, and then let’s wrap. My story, you know, Domains by Proxy which is GoDaddy privacy option actually was created because a woman who was a victim of domestic violence reached out to GoDaddy, wound up I believe speaking directly with Bob Parsons and they recognized that there was a real problem that she was required to have valid info but someone was using that info to hurt her or potentially and there was no legal recourse for her. And so the GoDaddy attorneys, they cared enough about this woman and this situation and realized of course that it would be larger than this one circumstance and that’s why they created Domains by Proxy.
And I know over the years there have been some talk about…they feel like that’s…I don’t even know legal words, patentable, trademarkable. That they were the ones who created the idea of being a proxy on someone’s else behalf. I don’t wanna get into a conversation about that. But I think it’s an interesting trivia and it’s gonna be interesting to see how everything else rolls out. Just as a comment overall, I think it’s crazy that there can be some new law and all of a sudden on May 25th, like good luck. We don’t have a plan yet but we keep working as an industry and [inaudible 00:44:15]

Andrew: Welcome to globalization.

Ari: But it’s unfortunate that decisions that are made in the EU in this particular case are affecting U.S. and other international domain name owners. I think that maybe the registrars are gonna have to get a little more creative to protect the U.S. owners without violating the European laws, and that might be a marketable thing for a registrar, to be that registrar.

Stevan: Every country and not just U.S.

Andrew: But they’re not interested. It’s exactly what we alluded to before. This is in the best interest of the registrars. This is going to be a huge boon. They’re not going to be able to charge 15% or 20% or whatever it is GoDaddy charges on everyone domain that anybody wants to acquire, a very high portion of those are going to have to come through the GoDaddy buy service or Sedo marketplace. And, again, the marketplace is it’s only as good as people who have listed their names there. So I think this is a boon to registrar in an unintended way that they haven’t realized yet, they quickly will. And I don’t think they’re gonna be motivated to fight this at all. I think they’re gonna encourage it.

Tess: Well, I think we’re a smart and resourceful industry and I’m fascinated to see what does develop. So thanks, guys. I think we’re getting into the end of today’s show. And I’ll like to give the Sherpas an opportunity to share anything they have going on in their lives, personal or professional, brokering, selling opportunities. I don’t know what you guys do as much as that. Anyone you wanna give a shout out to. Stevan, shout outs? Anything.

Stevan: Well, I’ve got lots of shout outs actually. Obviously, is Greenberg & Lieberman’s main website. We do lot’s domains theft cases. Go take a look at A few of those things are up there. We run an escrow service, or Escrow.Domains. And we’ve just rolled out a new trademark search at So take a look at that. That’s a free search and it’s gonna include common law search as well which is coming up very shortly as well as image search for trademarks and online on the internet. So that’s just a couple of things going on.

Tess: That’s amazing. Amazing, Stevan. Okay. Thank you very much. Jason, Ari, I don’t know if you wanna go together or separate.

Jason: Well, one of the things that we’re excited about is our show NameSummit coming up this August which you guys are part of it. And I hear there’s talks to actually have a DomainSherpa taping at the event possibly. We don’t know. Maybe that will happen. But, you know, we wanted to do something special for the Sherpas out there and give them special discount codes for the New York event. You know, I’m gonna be announcing our agenda shortly and we have about 30 speakers right now lined up covering everything from SEO to search to influencer branding to, you know registries and registrars talks about new TLDs, value of a domain name. Really the focus is talking about what you do with your domain names and how you launch a business online and make it successful. And building on the conference from last year, we really amped it up.
As you may know we’re doing the Pitchfest, so anybody who has an idea, a concept can go to and sign up for Pitchfest Global. Well, a winner of Pitchfest Global is going to get six months of coaching from our influencer branders which is tremendously valuable. They’re gonna get support from us, support from NamesCon, some support from you guys at DomainSherpa. The winner is going to be able to talk and talk about what they’re doing over the six month period and they get to come back next year at NamesCon and speak to the audience there. So the winner of the event, I think really is gonna get a major marketing boost and that’s the goal of why we built this. So for all the Sherpas out there and that haven’t sign up yet, we’re gonna offer…right now the first 10 that sign up, they use the code “DomainSherpa,” and they’ll get a 50% off of the ticket price which just went up. So it’s a great value for your audience.

Tess: That’s awesome. Thanks. I was at the inaugural NameSummit last year in Manhattan. It was super, super informative. And so it’s early August. What? August 7th….

Jason: August 6th and 7th. So it’s a Monday and Tuesday of August and we’ll probably gonna try and set up something special for our domain industry friends that fly in and maybe do something Sunday night. A little small event for our community. But as you know, Tess, from the event, you know, it goes way beyond the domain industry. It’s really pulling in from digital agencies and entrepreneurial people and all throughout New York and it’s a nice event.

Tess: Yeah. I think it’s fabulous and I like that set up that it really brings in a lot of different perspectives and it gives us an opportunity to reach out to our larger ecosystem. Thanks, Jason. Ari, how about you?

Ari: Basically, we’ve got a couple things in the pipeline. We are updating our ESQwire site. So it’s a little due.

Jason: Just a little bit.

Ari: We’ve been developing some other websites in over the past couple of years and probably haven’t focused on that. It’s a little stale. So we have that coming up in the next several weeks and we’re also rolling out a couple other websites dealing with trademark law and also UDRP. And we’ll have more to talk that once we get that unwrapped.

Tess: Okay.

Ari: Thanks a lot, guys. This was a lot of fun.

Stevan: It was fun. Yeah.

Tess: I think so too.

Ari: Thanks, Andrew.

Andrew: And I just wanna say thank you to all of you guys. I’m really, really excited from the minute that we acquired DomainSherpa from Michael Cyger. You know, the wheel started turning in my head about what are we gonna do with this thing? We got a tiger about the tail. You know, having this legal perspective was like idea number one. I think that it’s one of the most underrepresented aspects of sort of industry discussion. I mean, we have great, phenomenal attorneys chiming in on some of the blogs sometimes and once in a while, you know, coming out as a guest on various formats.
But I think having a consistent panel of great attorneys to discuss relevant issues, timely issues, insights. I think it’s just so invaluable and it just escalates the conversation. It helps educate everybody. The more educate everybody in the space is, the less stupid mistakes they make, which the less money they lose, more money they can spend on better domains and everybody…it’s just makes the pie bigger, it makes everybody smarter and better, and so I’m excited. I really am. I think this is gonna be a phenomenal episode. I think, you know, this is gonna be a great segment or series. And so I’m really excited to continue this with you guys and I wanna say, you know, big thank you for coming on the show.

Stevan: Thank you. We appreciate it.

Tess: Here, here. This was fabulous. I think super informative. And I think I really hope our Sherpa network gets a ton out of it.

Andrew: No doubt.

Tess: And, I mean, it’s not often you can spend these much time with three attorneys and walk away with your pockets still full.

Andrew: And don’t forget to buy these guys a cup of coffee when you see them at, you know, one of the shows.

Tess: Oh, I’m sending them a cup.

Andrew: Absolutely.

Tess: Yeah, yeah.

Ari: Another one.

Tess: Here, here, Jason. Jason and Stevan were on the show before. So I know I will have a link to that when we post as well. And to our Sherpa network, let’s just say goodbye. If you received benefit from today’s show, please post a comment below thanking today’s Sherpas. Remember you can submit. If you have a question that you’d like for the investors submitted questions segment, please submit that to us. And thank you to each one of you Sherpas for joining us. To Jason Schaeffer, Ari Goldberger and Stevan Lieberman. And thank you, Drew, for being here as well. We’ll see y’all next time.

Watch the full video at:

Leave a Reply

Comments must be respectful and constructive. Read our comment policy.


19 Responses to “GDPR, the end of the WhoIs & what this means to you – with Attorneys Stevan Lieberman, Ari Goldberger & Jason Schaeffer”

  1. Why can’t domain sellers have an “opt out” option on the protection privacy dictated by GDPR? That would satisfy the GDPR because I’m directly authorizing the publishing of my personal data.

  2. Eric says:

    First off, this absurd EU law should not in any way, shape or form apply to US citizens or entities based on the data in the who-is system, but it apparently will, so I’d really like to know what authority the EU has to impose it’s will on citizens of the USA?

  3. Dean says:

    If the Registars are potential winners from GDPR-as Drew speculated-I’ll be interested to see if investors recognize it and publicly-listed companies (like GoDaddy) see a bump in their valuation in the months ahead.

    Then again, what % of GoDaddy domain purchasers choose the Privacy option?

    Will the Privacy option for $7.99 on GoDaddy be removed if GDPR rules go into affect? I’m not holding my breath. Want a pair of suspenders with that belt?

    I agree that the EU should not be dictating Worldwide policy on this issue for non-EU domain names registered. This is the overreach that generated the UK Brexit vote. It’s a Euro money grab, like the EU lawsuits that Apple and others have had thrown at them.

  4. Mike says:

    Terrific show! Thanks, everyone!

  5. ariel says:

    great show guys, thank you for your time and effort.

  6. Hi everyone

    Great show as usual. Here my solution: Like everything else, let’s put the choice to the owner of the domain name.

    GoDaddy for example has 4 “contact profile”, and I think it’s great.
    1: registrant
    2: Administration
    3: Technical
    4: billing

    All registrars must ask their customers what they want:
    1: Private (means ALL info are private)
    2 : Not Private (means ALL info are not private
    3: Semi Private (means, the domain owners can choose what will be private or not on his profile page)

    I totally understand for an individual who don’t want to sell his domain name, privacy is very important. But for a professional, who want to have access to sell or buy, its very important to have access to contact.
    I think the best solution is to take the “Semi private”, put a special email in the registrant profile (if you want to be contacted by someone who might be interested to buy your domain name) and the other profile (administration, technical, billing) Private with a different email and info. Done: you privacy is protected and all you important information (administration, billing technical are protected) . Let me know what you think.

    Jean Luc Gaudry /

  7. Saro says:

    Hi guys,

    Great great insights! Hope to see more legal shows on Sherpa. Loved it!

    At the 5:45 timestamp in the video, Ari seemed that he was going to give some advice on what to put in the contract to protect yourself against the “flake” buyers from saying:

    1) “ohhh I had to get a clearance by someone else” or

    2) “I thought I had the option to pay on multiple installments” etc…

    Never got to the answer as I think the conversation sort of got sidetracked (that was my understanding anyway).. It would be great if Ari can maybe get the chance to answer the above.

    Either way, thanks to everyone!


  8. Ricky Deas says:

    Thanks Tess,

    Very informative and timely show. I wonder how GDPR will affect helpful research services such as DomainIQ DomainTools and Estibot.

    On the good side of this I’m curious to know if I will continue to get those annoying Domain expiration notices from outside “companies” that claim my domains are at risk of being loss.

    Also: With Tax season just ending a couple of weeks ago I was wondering how domainers are handling things when it comes to tax filing. I think that would be an interesting topic. Would like to hear opinions on reporting reg fees, hosting fees for those who may have built out sites, portfolio investment profits and losses, internet connection fees, etc.

  9. Jon Schultz says:

    First, I want to thank all of you for producing this very informative show and making it free online.

    Second, I am not happy to be just finding out about this with so little notice. I haven’t received anything from any of the registrars I have domains at informing me about this change. We were just about to start an outreach push to market our domains to potentially-interested parties, in large part based on WHOIS lookups to see who owns somewhat similar domains. As stated on the program, not only will the coming change make that impossible, but domain thieves will be emboldened as well.

    And it seems ridiculous because there seems to be a simple solution. The registries should just require every registrar to offer free WHOIS privacy, as many already do (and those that don’t can raise their registration prices, if they want, to compensate for the lost privacy income). How can anyone claim that their or any domain registrant’s privacy is being violated when they have the option of putting privacy on their domain(s), free of charge, anytime? Where’s the ******* problem?

  10. Data Glasses says:

    I always redirect my names, hosting cost is minimal for what I require

  11. Tess and all the Sherpas,

    Thanks for a highly informative show. There was a lot of timely information that all us domain holders should be aware of. I too believe the registrars will benefit greatly from these new regulations. Like most, the Top players will benefit while us domainers will have to work harder and pay out more. Thanks for your time and educated insight into this matter.

    Look forward to more great info on this subject going forward,

    John Magavern

  12. tldboss says:

    Thank you Tess, Drew, Ari, Jason and Stevan for informative show, much appreciated.

    Look forward to more similar shows, complex subject(s) explained in layman’s terms.

    1. DomainSherpa says:

      Will do! Let us know if you have any particular subjects in mind.

  13. brand says:

    Thanks to everyone for a great show.
    What a great way for the Registrars to make more money off the Domainer, charge for a Whois look up..

  14. Nick says:

    icann now has to follow EU rules…. THANKS OBAMA

  15. Rae says:

    Great show! Thank you for presenting this topic. It will be interesting how we figure this out.

  16. ikehook says:

    What a pain in the ass, How am I going to check and see if I own a particular domain? I do more self whois checks than anything else, because I’m so disorganized.

    1. DomainSherpa says:

      You’re not alone there! I think it’s good we all have a deadline to get organized before May 25. Get to it ;)

    2. Jackie says:

      Excel is your friend….

Domaining magazine site recommended by
Copyright © 2010-2024 DomainSherpa. All rights reserved. Reproduction without explicit permission is prohibited.
About  |  Advertising  |  Affiliate Links  |  Disclaimer  |  Disclosures  |  Privacy  |  Terms  |  Contact Us