The European Union is working on a directive, Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union. The directive suggests that the registrar will have to keep the data of domain name owners. When a user registers a domain name, the registrar collects the user’s name, address, email, and phone number.
No more false information
Currently, registrars should only provide a name and an address, however, they or any other organization can’t check the validity of this data before they can approve the new domain registration. With the EU’s new directive, registrars will have to provide a valid phone number, and their full name, email address, and physical address will be able to be verified before the domain registry. Thus, users won’t be able to provide any false information during domain registration. The draft of the new EU legislation says,
“In order to ensure the availability of accurate, verified, and complete domain name registration data, TLD registries and entities providing domain name registration services should be required to collect domain name registration data. They should aim to ensure the integrity and availability of such data by implementing technical and organizational measures, such as a confirmation process for registrants.
In particular, TLD registries and entities providing domain name registration services should establish policies and procedures for the collection and maintenance of accurate, verified, and complete registration data, as well as for the prevention and correction of inaccurate registration data.”
The directive states that businesses that touch DNS should keep the domain owners’ data, but it also says that organizations should also comply with GDPR since it includes personal data. In case of a conflict between these two, an EU regulation overrides the national laws of all EU member states. In such a case, EU countries will be forced to change their own national laws according to the objectives that the directive sets. ICANN also published its comments on the directive and suggested that such requirements should be set out with greater clarity.
Freedom of speech
Although the directive doesn’t clearly suggest banning anonymous websites, it will make registering or renewing such domains much more complicated in the future. MEP Patrick Breyer from Pirate Party Germany warned interned users and stated that the directive is a threat against activists and whistleblowers because it will no longer allow anonymity. He also stated,
“This indiscriminate identification policy for domain holders is a big step towards abolishing anonymous publications and leaks on the Internet. This policy endangers website operators, because only anonymity effectively protects against data theft and loss, stalking and identity theft, doxxing and ‘death lists’. The right to anonymity online is particularly indispensable for women, children, minorities and vulnerable persons, victims of abuse and stalking, for example. Whistleblowers and press informants, political activists and people in need of counselling, fall silent without the protection of anonymity. Only anonymity prevents the persecution and discrimination of courageous people in need of help and ensures the free exchange of sometimes vital information. If Wikileaks activists, for example, had had to register the platform’s website in their name, they would have been immediately prosecuted in the United States.
I welcome the aim of increasing network security. But indiscriminate identification has nothing to do with network security. That is why my group and I are calling for the deletion of the identification requirement from the draft Directive.”