Escrow Could Change Because of GDPR

Yesterday morning, I asked if readers are concerned with the Whois changes that are likely coming because of Europe’s GDPR regulations. Nearly 40% of those who responded are not concerned about changes, which is a bit surprising to me given the nature of what could change.

I was chatting about the Whois changes with a friend, and one big change that might come as a result of not having public Whois records is the domain name sale escrow process. When domain owners sell domain names without the involvement of a marketplace like Sedo or Afternic, most use a third party escrow service (or they should) like Payoneer Escrow or The verification process currently in place is going to have to change if public Whois records are not available.

The way the process works now is that a buyer sends the funds to the escrow service, the escrow service informs the buyer and seller the funds are secured, and the seller either facilitates a domain name push at the registrar or sends the authorization code to facilitate a transfer. Once the transfer is finalized, the escrow service releases the funds. If Whois records are not available, I don’t see how it will be possible to confirm the domain transfer took place.

I think this is going to cause major changes in the way third parties do escrow. Here are two potential solutions I thought of:

  • The escrow company takes possession of the funds and domain name. The escrow service is responsible for ensuring the buyer gets possession of the domain name. offers this with their concierge service, although it is substantially more expensive than a standard transaction. If this is the only option, escrow services could become more expensive.
  • Escrow services become authorized to view the actual ownership information which is privatized to unauthorized parties. This seems like a more cost effective solution, but it would require that a system be set up and authorized third parties become approved. This seems like a solution that would need to be implemented further down the road as it may not be set up in time for the GDPR compliance.

The GDPR changes to Whois records is going to cause many issues. Unfortunately, some of these issues may not have solutions or workaround by the time the changes are made. I am sure companies are actively discussing all of the ramifications of the GDPR changes, but it is concerning that the solutions do not seem to exist yet with the implementation deadline fast approaching.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn


  1. I’m sure the aftermarket and registrar domainbuy type services welcome this change as it will surely mean more money in their pockets.

  2. I agree, that the upcoming WHOIS changes will be complicating things. It also makes the position of respected domain investors and sellers more established: it’s the seller’s / buyer’s rep that determines 99% of the deal.

    The Escrow Concierge cost is minimal. Just closed another transaction, adding Escrow Concierge and splitting the fees with the buyer. One day later, money is already in my account, I don’t have to wait for the domain to be in the buyer’s account.

    • For most domain sellers, Escrow Concierge works better than plain Escrow: you push the domain to, not to the buyer, or by handing over username/passwords etc. Your risk is halved.

    • What risk is halved? I’ve never not gotten paid when doing a deal with an escrow service. Adding a third party to a conversation can add time to a deal, especially if working with different timezones. During a negotiation, buyer and seller establish a rapport, and adding another party that has to get involved adds extra cost and time (especially with’s concierge team being on the other side of the world).

      Risk is mitigated greatly by using a contract and doing due diligence.

    • Plenty of cases where the buyer attempted to claim the domain wasn’t transferred. And the smaller the amount involved, the bigger the risk. A paradox, indeed.

      Instead of worrying whether the buyer will confirm the transaction as satisfactory, it’s all done via the handling of the domain by Concierge. I literally get paid the following day.

    • Maybe I am lucky, but in 15 years I have never had that happen once.

      There is legal recourse if that would happen though. Hire an attorney and subpoena the registrar to show who has possession of the domain name. It’s a hassle I am sure, but it’s not something that has happened to me.

    • The whole issue is caused by the buyer not cooperating or disappearing after receiving the domain name.

      If the buyer would just log into the escrow service website and signal that the domain was transferred, it wouldn’t be an issue at all.

      Some buyers get lazy, don’t care about anything after the deal, or go on vacation and that can cause delays in getting paid. At least with public Whois info, the escrow service can usually verify the name was transferred.

  3. I guess Escrow would have to become an actual registrar then and move the funds to the buyer once the name has hit the Escrow registrar account and placed in the buyers name, on behalf of buyer.

  4. IMHO GDRP applied to WHOIS should have an opt-out option for Registrants, if they want to keep their data public.
    That would be the simplest solution. 🙂

  5. Full Whois records will be accessible to people who need them for “legitimate purposes”, like cops and trademark owners, under an ICANN accrediation program.

    One of those purposes is likely (but not guaranteed) to be domain transfers, so it’s quite possible escrow agents will be able to get accredited and access full records.

    The main question is when? The accreditation program is nowhere near being agreed upon, never mind implemented, and it’s just a couple of months until GDPR kicks in.

    But none of this may be necessary anyway, because it’s very probably going to be possible for registrants to opt-in to having their full records published in the public Whois.

Leave a Reply

Recent Posts Announces 2023 Master of Domains

During the NamesCon conference today, announced its Master of Domains winners. The annual award celebrates "the highest grossing domain name brokers for deals...

How to Buy a Domain Name That is Owned by Someone

For a domain investor, buying a domain name is second nature. Investors hand register domain names, purchase domain names via expiry and private auctions,...

My 2023 Domain Industry PMC Jersey

For a number of years, I have created a domain industry Pan-Mass Challenge jersey to raise funds for Dana-Farber Cancer Institute. Many domain industry... Profitably Resold for 8 Figures

In March of this year, I reported on the sale of The domain name was acquired by HubSpot Co-Founder Dharmesh Shah for more...

First Look at my 2023 Domain Industry PMC Jersey

This August, I will be riding in my 10th Pan-Mass Challenge ride to raise funds for Dana-Farber Cancer Institute. I will be riding...