The governing body for international domain names, ICANN, has produced a report outlining two options for releasing brand new extensions.
The last “round” had been completed way back in 2012, leading among other things to the creation of community-based extensions like “.london”, “.scot”, “.store” or “.sport”. There are approximate 30 million of this type of domain now registered, which is still a relatively small number compared to the over 150 million .com domains and 130 million country code domains in use today.
Option 1 is to proceed in the same way as before, but incorporating all the new requirements. This would require ICANN to spend £100 million upfront in order to open a single application window after five years. At that point, around 2028, each application would cost £200,000. The first resulting internet extensions would likely go live sometime in 2029 or 2030.
Option 2 is to proceed in smaller stages, called “cycles”. Instead of conducting a single application window, the plan is a program split into 4 (or possibly more) annual cycles, each with its own application window. This drastically reduces the risk and complexity for all parties involved. With Option 2, the first application window might be announced as early as 2024. The cost of an application would be £180,000 here, but it’s possible that it could be lowered for subsequent cycles.
ICANN’s presentation, transcript, and audio and video recordings are available here.
The European data protection authorities have expressed concern over the unlimited publication of personal data of domain name registrants in the WHOIS. Typically at the moment when you register a new domain name you are bombarded with marketing calls and emails for a week or more.
Starting this week, you’ll see that the data on WHOIS for domains owned by EEA registrants is getting masked. This masking process is automated, will be ongoing and will be completed across all relevant domains on the platform.
For all existing domain names, if either of the Registrant, Admin, Tech and/or Billing contacts is identified as being from the EU, we will mask the WHOIS output for that domain name with placeholder details in place of the users’ personal information (this service will be referred to as “GDPR WHOIS Protection”).
Here’s an example of how the changes will look on a typical .COM domain name:
Some domain extensions are using their own interpretation of the GDPR so there are varying levels of masking in these domains (.UK is such an example).
Also to note that: access to personal data of domain name registrants may be granted when such access is necessary for technical reasons such as for the facilitation of transfers, or for law enforcement when it is legally entitled to such access.
Domains that have a paid-for “Privacy Protection” service will still enjoy this service – it has the important difference that enquiries using the web form/email address given in the Privacy Protection on the WHOIS will be forwarded to the Registrant. This is not the case (nor possible) on the GDPR masked domains.