Accessing Whois information and acting on a litigious domain name is becoming a nightmare for law enforcement agencies. Law enforcement agencies must have an access to the information provided by registrants in the Whois database and, in specific cases, have authority to act FAST on a domain name. The EU has a solution for this and it's coming in 2020. Is this mechanism welcome now the GDPR is causing problems to law enforcement agencies trying to do their job? I'd say...yes it is.
What it is
The Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004. It is directly applicable in all Member States.
What it does say
A few things that I extracted from the regulation:
- Competent authorities should be able to request any relevant information from any public authority, body or agency within their Member State, or from any natural person or legal person, including, for example, payment service providers, internet service providers, telecommunication operators, domain registries and registrars, and hosting service providers, for the purpose of establishing whether an infringement covered by this Regulation has occurred or is occurring.
- Where no other effective means are available to bring about the cessation or the prohibition of the infringement covered by this Regulation and in order to avoid the risk of serious harm to the collective interests of consumers: where appropriate, the power to order domain registries or registrars to delete a fully qualified domain name and to allow the competent authority concerned to register it.
Coming in 2020This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. It shall apply from 17 January 2020.
The regulation is available here.