A geoTLD.group survey (39 respondents of which 24 from within the EU) collected information on current WHOIS practices and preparations for the European General Data Protection Regulation (GDPR).
The survey results can be summarized as follows:
- All EU-based geoTLD registries have implemented operational measures to limit the publication of registrant data by the WHOIS, in-line with national legislation.
- Almost all EU-based geoTLD Registries have implemented measures to allow for access to unpublished registrant data by legitimate interests.
- Although the geoTLD registries account for over 600,000 registrations, less than 50 WHOIS data access requests have been received so far.
- The vast majority of requests was dealt with in a response time of 1 – 2 days. Only one request waited for 7 days.
- The majority of geoTLD registries have received no requests for WHOIS data access since 25 May 2018; 76% of EU geoTLDs received no access requests, and 79% of the non-EU geoTLDs received none.
- Of the geoTLDs that received access requests, most received fewer than ten requests. Four registries received fewer than 10 requests and two received more than 10 requests, but less than 20 each.
- A majority of EU-based geoTLD registries (60%) consulted with their local ccTLD to harmonise their WHOIS publication and access with the ccTLD practices, while non-EU geoTLD mostly (17%) have not.
- Across all requests, over 50% were legitimate. They came in equal parts from law enforcement, right holders, lawyers, registrants and other parties.