I think this is the worst of both worlds. The data is basically still public, but you cannot access it unless someone marks you as a "friend".
This policy is basically what Facebook is. And how well it played out once folks realised that their shared data wasn't actually private? C. On 16 May 2018 at 16:02, Brian Kantor <br...@ampr.org> wrote: > A draft of the new ICANN Whois policy was published a few days ago. > > https://www.icann.org/en/system/files/files/proposed-gtld-registration-data-temp-specs-14may18-en.pdf > > From that document: > > "This Temporary Specification for gTLD Registration Data (Temporary > Specification) establishes temporary requirements to allow ICANN > and gTLD registry operators and registrars to continue to comply > with existing ICANN contractual requirements and community-developed > policies in light of the GDPR. Consistent with ICANN’s stated > objective to comply with the GDPR, while maintaining the existing > WHOIS system to the greatest extent possible, the Temporary > Specification maintains robust collection of Registration Data > (including Registrant, Administrative, and Technical contact > information), but restricts most Personal Data to layered/tiered > access. Users with a legitimate and proportionate purpose for > accessing the non-public Personal Data will be able to request > such access through Registrars and Registry Operators. Users will > also maintain the ability to contact the Registrant or Administrative > and Technical contacts through an anonymized email or web form. The > Temporary Specification shall be implemented where required by the > GDPR, while providing flexibility to Registry Operators and Registrars > to choose to apply the requirements on a global basis based on > implementation, commercial reasonableness and fairness considerations. > The Temporary Specification applies to all registrations, without > requiring Registrars to differentiate between registrations of legal > and natural persons. It also covers data processing arrangements > between and among ICANN, Registry Operators, Registrars, and Data > Escrow Agents as necessary for compliance with the GDPR."