The new European Union privacy rules (the General General Data Protection Regulation (GDPR) went into effect earlier this month. The GDPR aims to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Even so, the new rules implementation has created havoc by forcing businesses all over the world to comply with the EU standar as long as they are doing business online with EU residents. Thus, most businesses of any scale/size are scrambling to comply.
For individuals, the most immediate effect of the GDPR has been receiving a barrage of e-mails from service providers who have updated their privacy rules and terms of service in order to comply and avoid steep fines.
While the GDPR has been championed by privacy advocates as a positive step toward protecting individual rights and personal information online, attorneys and law enforcement officials have largely opposed the regulations because of the negative impact on transparency which could create more hurdles for businesses to enforce intellectual property rights, protect users from scammers/squatters, and shut down phishing or malware scams. The most critical impact has been on WHOIS information. Whereas registrant information was previously made public unless the individual opted to use a Privacy Protection service (or just listed a fake name and contact information), the WHOIS information has always been a starting point for brand people to deal with fake websites. In response to the GDPR many registrars are simply scrubbing their WHOIS information and providing no public information regarding the site in order to avoid fines.
The registrars have also taken a hit to their bottom line because there is no need for registrants to use a Privacy Protection Service if there is no information being made public. The Privacy Protection Services constituted a significant revenue stream for companies like GoDaddy and Register.com.
Lastly, the GDPR is an EU rule that has had a global impact online which has made the folks at ICANN (the International Corporation for Assigned Names and Numbers) look rather silly and plainly ineffectual. If other countries or groups of countries decide to enact their own privacy rules like the EU just did, then businesses world-wide could be faced with having to comply with myriad regulations and privacy regimes that lack standards – thereby undercutting the entire purpose of having an organization like ICANN which is supposed to ensure the Internet’s “operational stability […]; to promote competition; to achieve broad representation of the global Internet community; and to develop policies appropriate to its mission through bottom-up, consensus-based processes.”