Yesterday morning, I asked if readers are concerned with the Whois changes that are likely coming because of Europe’s GDPR regulations. Nearly 40% of those who responded are not concerned about changes, which is a bit surprising to me given the nature of what could change.
I was chatting about the Whois changes with a friend, and one big change that might come as a result of not having public Whois records is the domain name sale escrow process. When domain owners sell domain names without the involvement of a marketplace like Sedo or Afternic, most use a third party escrow service (or they should) like Payoneer Escrow or Escrow.com. The verification process currently in place is going to have to change if public Whois records are not available.
The way the process works now is that a buyer sends the funds to the escrow service, the escrow service informs the buyer and seller the funds are secured, and the seller either facilitates a domain name push at the registrar or sends the authorization code to facilitate a transfer. Once the transfer is finalized, the escrow service releases the funds. If Whois records are not available, I don’t see how it will be possible to confirm the domain transfer took place.
I think this is going to cause major changes in the way third parties do escrow. Here are two potential solutions I thought of:
- The escrow company takes possession of the funds and domain name. The escrow service is responsible for ensuring the buyer gets possession of the domain name. Escrow.com offers this with their concierge service, although it is substantially more expensive than a standard transaction. If this is the only option, escrow services could become more expensive.
- Escrow services become authorized to view the actual ownership information which is privatized to unauthorized parties. This seems like a more cost effective solution, but it would require that a system be set up and authorized third parties become approved. This seems like a solution that would need to be implemented further down the road as it may not be set up in time for the GDPR compliance.
The GDPR changes to Whois records is going to cause many issues. Unfortunately, some of these issues may not have solutions or workaround by the time the changes are made. I am sure companies are actively discussing all of the ramifications of the GDPR changes, but it is concerning that the solutions do not seem to exist yet with the implementation deadline fast approaching.