Escrow Could Change Because of GDPR |
101 Domain

Escrow Could Change Because of GDPR


Yesterday morning, I asked if readers are concerned with the Whois changes that are likely coming because of Europe’s GDPR regulations. Nearly 40% of those who responded are not concerned about changes, which is a bit surprising to me given the nature of what could change.

I was chatting about the Whois changes with a friend, and one big change that might come as a result of not having public Whois records is the domain name sale escrow process. When domain owners sell domain names without the involvement of a marketplace like Sedo or Afternic, most use a third party escrow service (or they should) like Payoneer Escrow or The verification process currently in place is going to have to change if public Whois records are not available.

The way the process works now is that a buyer sends the funds to the escrow service, the escrow service informs the buyer and seller the funds are secured, and the seller either facilitates a domain name push at the registrar or sends the authorization code to facilitate a transfer. Once the transfer is finalized, the escrow service releases the funds. If Whois records are not available, I don’t see how it will be possible to confirm the domain transfer took place.

I think this is going to cause major changes in the way third parties do escrow. Here are two potential solutions I thought of:

  • The escrow company takes possession of the funds and domain name. The escrow service is responsible for ensuring the buyer gets possession of the domain name. offers this with their concierge service, although it is substantially more expensive than a standard transaction. If this is the only option, escrow services could become more expensive.
  • Escrow services become authorized to view the actual ownership information which is privatized to unauthorized parties. This seems like a more cost effective solution, but it would require that a system be set up and authorized third parties become approved. This seems like a solution that would need to be implemented further down the road as it may not be set up in time for the GDPR compliance.

The GDPR changes to Whois records is going to cause many issues. Unfortunately, some of these issues may not have solutions or workaround by the time the changes are made. I am sure companies are actively discussing all of the ramifications of the GDPR changes, but it is concerning that the solutions do not seem to exist yet with the implementation deadline fast approaching.

About The Author: Elliot Silver is an Internet entrepreneur and publisher of Elliot is also the founder and President of Top Notch Domains, LLC, a company that has sold seven figures worth of domain names in the last five years. Please read the Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest.

Reach out to Elliot: Twitter | | Facebook | Email

Comments (20)


    Just make every transaction a concierge one and problem solved, next

    March 22nd, 2018 at 10:56 am

      Elliot Silver

      That adds time and cost to transactions, and it also adds an additional set of eyes on deals.

      In reply to CaseyL | March 22nd, 2018 at 10:59 am


    I’m sure the aftermarket and registrar domainbuy type services welcome this change as it will surely mean more money in their pockets.

    March 22nd, 2018 at 11:56 am


    I agree, that the upcoming WHOIS changes will be complicating things. It also makes the position of respected domain investors and sellers more established: it’s the seller’s / buyer’s rep that determines 99% of the deal.

    The Escrow Concierge cost is minimal. Just closed another transaction, adding Escrow Concierge and splitting the fees with the buyer. One day later, money is already in my account, I don’t have to wait for the domain to be in the buyer’s account.

    March 22nd, 2018 at 12:11 pm

      Elliot Silver

      Why would you need to use the concierge service? On a $50,000, that is an extra $400 for something that doesn’t seem necessary for a pro.

      In reply to Acro | March 22nd, 2018 at 12:15 pm


      For most domain sellers, Escrow Concierge works better than plain Escrow: you push the domain to, not to the buyer, or by handing over username/passwords etc. Your risk is halved.

      In reply to Elliot Silver | March 22nd, 2018 at 12:26 pm

      Elliot Silver

      What risk is halved? I’ve never not gotten paid when doing a deal with an escrow service. Adding a third party to a conversation can add time to a deal, especially if working with different timezones. During a negotiation, buyer and seller establish a rapport, and adding another party that has to get involved adds extra cost and time (especially with’s concierge team being on the other side of the world).

      Risk is mitigated greatly by using a contract and doing due diligence.

      In reply to Acro | March 22nd, 2018 at 12:31 pm


      Plenty of cases where the buyer attempted to claim the domain wasn’t transferred. And the smaller the amount involved, the bigger the risk. A paradox, indeed.

      Instead of worrying whether the buyer will confirm the transaction as satisfactory, it’s all done via the handling of the domain by Concierge. I literally get paid the following day.

      In reply to Elliot Silver | March 22nd, 2018 at 3:38 pm

      Elliot Silver

      Maybe I am lucky, but in 15 years I have never had that happen once.

      There is legal recourse if that would happen though. Hire an attorney and subpoena the registrar to show who has possession of the domain name. It’s a hassle I am sure, but it’s not something that has happened to me.

      In reply to Acro | March 22nd, 2018 at 3:45 pm


      Or, use your brother as an escrow, since they are an attorney. 😀

      In reply to Elliot Silver | March 23rd, 2018 at 12:06 pm

      Elliot Silver

      That sort of defeats the purpose of using a third party escrow service 🙂

      In reply to Acro | March 23rd, 2018 at 12:27 pm

    Dan Gustafson

    The topic mirrors traditional real estate title work and title insurance, which seems warranted on some of these bigger deals.

    March 22nd, 2018 at 12:21 pm

    John Colascione

    What about requiring a DNS txt record change that only the buyer has the record to enter which proves the transfer? That doesn’t seem to complicated; it’s like entering a EPP code.

    March 22nd, 2018 at 12:30 pm

      Elliot Silver

      The whole issue is caused by the buyer not cooperating or disappearing after receiving the domain name.

      If the buyer would just log into the escrow service website and signal that the domain was transferred, it wouldn’t be an issue at all.

      Some buyers get lazy, don’t care about anything after the deal, or go on vacation and that can cause delays in getting paid. At least with public Whois info, the escrow service can usually verify the name was transferred.

      In reply to John Colascione | March 22nd, 2018 at 12:34 pm

    John Colascione

    I guess Escrow would have to become an actual registrar then and move the funds to the buyer once the name has hit the Escrow registrar account and placed in the buyers name, on behalf of buyer.

    March 22nd, 2018 at 12:41 pm

      Elliot Silver

      Sorry, I lost you.

      They would likely need to get involved in every deal and take possession of the domain name, like Sedo or GoDaddy/Afternic.

      In reply to John Colascione | March 22nd, 2018 at 12:43 pm

    John Colascione

    I mean, move the funds to the seller.

    March 22nd, 2018 at 12:42 pm

    Andrea Paladini

    IMHO GDRP applied to WHOIS should have an opt-out option for Registrants, if they want to keep their data public.
    That would be the simplest solution. 🙂

    March 22nd, 2018 at 5:03 pm

    Kevin Murphy

    Full Whois records will be accessible to people who need them for “legitimate purposes”, like cops and trademark owners, under an ICANN accrediation program.

    One of those purposes is likely (but not guaranteed) to be domain transfers, so it’s quite possible escrow agents will be able to get accredited and access full records.

    The main question is when? The accreditation program is nowhere near being agreed upon, never mind implemented, and it’s just a couple of months until GDPR kicks in.

    But none of this may be necessary anyway, because it’s very probably going to be possible for registrants to opt-in to having their full records published in the public Whois.

    March 23rd, 2018 at 5:35 am

Leave a Reply

Name *

Mail *