On May 25, 2018 the European Union’s General Data Protection Regulation will go into full effect. This means that privacy regulations will have a significant impact on how companies handle peoples personal data. General Data Protection Regulation is a regulation that is designed to protect privacy of EU citizens and its residents. What are some other consequences that the GDPR can have? It means that they can severely restrict access to technology for its EU residents and companies. So, what does this mean for the future of Whois? Well we have all heard about GDPR and its effect on Whois. I echo the sentiment by Neil Schwartzman that restricting Whois access would increase spam. Why? Antispam software relies on Whois data to detect spams. Spammers will be able to gain access to people’s contact information from everywhere on the web, including data warehouses, social media, and so many others. They will continue do what they have been doing for years so long as there are commercial incentives. The rules currently governing the placing and use of cookies, which are used regularly by spam and many websites for a history of what you’ve used on their site, are being simplified and the EC seeks to remove the overload of cookie warnings. This is good and bad news for consumers. While privacy intrusive cookies will still require consent, that ‘privacy’ is left up to the website itself, leaving the term up for interpretation and potentially putting your actual privacy at risk. While this is a crucial tool in marketing and advertising, people have always had the comfort of allowing it themselves rather than knowing they have no control over it. On the other hand, cyber-security researchers and antispam solutions will be crippled in a world of reduced Whois access. Access to Whois will be blurred, and only certain information will be available to anyone without tiered access, leaving spammers with little to no access to your personal information as well as your websites. It’s a delicate trade off that may be worth it in the long run, despite limiting access to non-spammers. While the regulation is intended to protect the privacy of European Union citizens and residents, the confusion around unclear guidelines has left domain name companies scrambling to understand and comply. Companies in the domain industry will be affected in many ways, including the way they deliver their information, as well as how they share it. The cost alone to comply with the regulation is not only a burden on domain name registrars, but limited and tiered access to Whois. It could even potentially impact the value of Whois privacy services, which are a large source of revenue for many registrars. There are many drawbacks to the GDPR, but where drawbacks end, benefits begin. The future of Whois is shaky, but with the regulation comes a new expectation of privacy that Whois can either offer a bypass around, or offer specialized access with paid options, or subscriber services.. So while the GDPR is important for cyber-security and spambots, the reality is that it will only cause more confusion and further limitations on what can be access by those seeking to use Whois as a tool of research rather than a cesspool of information that needs to be purged.