Privacy Policy Cookie Policy

ICA Webinar: GDPR Compliant Whois Access Model

Click the image to download Michael and Frank’s presentation deck.

The Internet Commerce Association (ICA), a non-profit advocating for the rights and interests of domain name owners and related service providers, is a trade organization for the Domain Name industry.

When the EU passed a privacy law called GDPR, domain name owners, cybersecurity researchers, law enforcement and many other folks across the globe lost access to important WhoIs information until a solution can be created that will work within this legal structure. For educational purposes, the ICA presents the following webinar with one proposed model.

The ICA advocates for the rights and interests of domain name registrants and related service companies. To educate the domain name community on one of the proposed models for post-GDPR whois access, they recently held a public webinar with the model’s developers. Watch it here!

Did you know… WIPO developed a post-GDPR whois access model that would allow whois access to many members of the domain name industry. The presentation of the model is brought to you by the ICA.

Listen, as Zak Muscovitch, the ICA’s General Counsel, introduces Michael Palage and Frank Cona, developers of WIPO’s post-GDPR whois access model. Michael is an IP attorney & former ICANN Board Member; and Frank Cona is ADT’s VP, Chief IP Counsel for Privacy, IP, and Corporate Sourcing. Michael and Frank present the model, which they developed in collaboration with WIPO’s Brian Beckham, and answer questions from Zak and the domain name community.

Topics discussed elaborate on whom would be able to have whois access, and how. Whether you’re a domain name broker, registrant, investor, journalist, or researcher, this is likely to impact the way you do your business, so have a listen to find out what happens to domain Whois research after GDPR!

Michael and Frank presented this model at ICANN65 in Marrakesh, and the ICA is now offering the public the opportunity to learn more about it. They discuss:

  • Are there benefits for registrant identification purposes, domain name portfolio management, and accessing registrar services?
  • If the WIPO Universal Access Model potentially provides Whois access to:
    – Secondary marketplaces and escrow services for verification and compliance
    – Brokers, agents, journalists, and researchers for due diligence, investigation, and acquisition purposes
    – IP, domain name, and business lawyers for domain name disputes and transactions

Interview (58:39): Watch | Listen/Download Audio | Sponsors | Transcript Coming Soon

Your DomainSherpa Interview

Playback Speed:
This interview is promoted through a media partnership with

Thank the Sherpas via Twitter

(Don’t have Twitter? Post a comment of thanks or share on Facebook.)

Your DomainSherpa Interview, Audio Only

Download Domain Name Interview in MP3

Note: Adobe Flash Player (version 9 or above) is required to play this audio clip. You also need to have JavaScript enabled in your browser. Or, listen on iTunes or in your favorite podcast app (here are the feeds).

Or, grab a feed for your podcast app, listen via Stitcher or listen on iTunes.

Meet Michael Palage, ICAAN Veteran, Blockchain consultant, and IP Attorney. As an information technology consultant, Michael earned a B.S.E.E from Drexel University and a J.D. from Temple University. Since ICANN’s foundation, Michael has been an active contributer to ICANN operational and policy matters, via both an individual and leadership role, including a three-year term on the ICANN Board of Directors. Mr. Palage is currently President and CEO of Pharos Global, Inc. which provides consulting and management services to domain name registration authorities and other technology related companies in connection with Internet governance issues. Michael has also been actively involved in the emergence of blockchain/distributed ledger technology as a co-founder in InfoNetworks, LLC.


Meet Frank Cona, Vice President, Chief IP Counsel and Chief Privacy Officer for ADT Security Services. Holding a B.S.E.E. in Electrical and Computer Engineering from Drexel plus his JS from Villanova, Frank was making waves since the very beginning, Co-Founding Villanova Law School’s IP Society. Frank has published numerous meaningful articles, notably Intellectual Property as a Business Tool, and holds a number of US patents for security and authorization.


Meet the ICA Board Members who volunteer their time and extensive industry expertise to advocate for your rights via the ICA.


Have a question or comment after watching this episode? Leave a response.

Interview Raw (Non-Edited) Transcript

Download/Read the Domain Name Interview Transcript in PDF FormatInterview Transcript in PDF Format Coming Soon (Right-click to Save As…) [View in Google Docs]

Watch the full video at:


Watch the full video at:

More About…


Leave a Reply

Comments must be respectful and constructive. Read our comment policy.


3 Responses to “ICA Webinar: GDPR Compliant Whois Access Model”

  1. ellisa grant says:

    there is rule in EU that says you must take consent from your customers before collecting their personal data and to fulfill this thing some companies provide the consent management like cookie consent etc.

  2. Albert says:

    What happened to last week’s interview? (Thanks)

  3. De Jong says:

    I feel a lot American lawyers really have trouble understanding European privacy laws, which has led to the whois blackout we experience today. We have overzealous trademark lawyers wanting access to the information of everyone on the planet (which is obviously illegal) and overzealous registrars demanding a court order for whois access (while European countries do not have such high requirements to access whois information.). And then you have parties who want access, but have no legitimate interest according to European law (such as journalists).

    But from the top of my hat there are really four kinds of reasons why access can be reasonable. For governmental investigations of fraud or crime, for legal disputes between two parties, to be able to provide the service to registrants (for the functioning of the internet) and at the request of the domain owner.

    You cannot give unlimited access to anyone. So governmental organizations need as much access as they need, but not more than necessary. For the functioning of the internet registrars should be able to check their own domains, and perhaps a limited amount of access to domains they do not control to investigate cases of domain theft for example.
    And you can only give access to private third party organizations (trademark owners, journalists, domainers, and so on) if their rights are infringed OR if the domain owner requests it themselves (when their domain ownership needs to be verified for a ssl certificate for example).

    A licensed whois access clearing house, which already exists, could be a central (organized by the registries) or decentralized place where trademark owners could request information about specific domains. These places already exist for cctlds, so why not use them? This would solve a lot of headaches for lawyers as they only need to talk to one party, who actually listens, but also for registrars that want to avoid liability. A pair of human eyes can check if a request for whois information about a specific domain is reasonable.

    It is in the interest of everyone to be able to check their own whois information. So you could show whois information to the person who has access to the email address in the whois. This is exactly what they do for .eu domains at Eurid. The .nl registry SIDN also shares information to ssl certification authorities, for the simple reason that they work at the request of the domain owner.

    A lot of parties wish to share their whois information for verification purposes (especially to escrow services, domain markets, domainers and so on), so it would be great to have an infrastructure for this. Being able to share your whois information could be as easy as creating an opt-in button at registrars, through which you declare that other parties can request your whois information. But a more nuanced system, such as the authentication service you guys are showing off, is probably even better. Being able to manage your own whois information, being able to grant people access or giving registrars a proper way to do it would be fantastic.

    Currently Eurid allows people to check whois information of a domain by sending an access code to the email address in the whois. So I imagine it would be easy to expand on this system, where you could add the email address of third parties as well, who will then be given access to the whois information. Add the email of a buyer or a market place and, voila, they can see the whois information. Remove the email address and their access disappears again. It can be that simple.

    But whatever we decide to do, it’s important to do it right the first time, because knowing ICANN we’re probably stuck with the new system for a long time.

Domaining magazine site recommended by
Copyright © 2010-2024 DomainSherpa. All rights reserved. Reproduction without explicit permission is prohibited.
About  |  Advertising  |  Affiliate Links  |  Disclaimer  |  Disclosures  |  Privacy  |  Terms  |  Contact Us