Re: An open registry of who owns domains is important
"In essence, if you owned your own domain the EU is saying that the contract you signed is no longer valid – meaning it is quite possible that you no longer own your domain. ...
Nobody wants that, but the EU doesn’t have the legal authority to retroactively modify contracts between their citizens and third parties – they can however declare the contracts invalid."
This is an interesting legal question. On the face of it, I can't actually think of any legal reason why the EU could not retroactively modify contracts between private citizens per se. Elsewhere in EU law, it arguably already does this - if you include an unfair clause in a consumer contract, the law will only invalidate that particular clause (https://europa.eu/youreurope/citizens/consumers/unfair-treatment/unfair-contract-terms/index_en.htm). So the contract remains valid, just without the unfair bit (assuming that the removal of the unfair bit isn't so fundamental that it breaks the altogether).
With the GDPR, though, it doesn't actually say anything about retroactively modifying contracts, or indeed negating contracts that do not comply with the law. All it says is that the controller and processor will get fined if the contract is not up to snuff - and that the data subjects has certain rights in law which will take precedence over any competing obligations in contract. So what, then, is the legal status?
For the following, I am assuming that the wholesale publication of personal data in the whois domain actually is contrary to the GDPR and that they don't introduce a compliant system in time. I don't actually think that this is inevitable and I reckon there are many, many ways to adapt the system to be legally compliant. But that's another issue for another day.
First question: Is this a consumer contract? If so, a term requiring you to give up your statutory rights is unfair and therefore unenforceable. As noted above, the rest of the contract remains valid. So you keep your domain, but the obligation to allow them to publish your details is removed.
Second question: If it is not a consumer contract, is the clause anyway unenforceable? (Nb: just because it is a business contract does not mean that there is no personal data involved - see, for example, C-28/08 P - Commission v Bavarian Lager). The answer is maybe, maybe not. I've had arguments about this and it could go either way, probably depending on the skill of the barrister in question. Ultimately, however, this issue isn't decided at EU level. It therefore depends on your national law, so will vary from Member State to Member State. At least in the UK, even if it is unenforceable, we can use the concept of severance in contract law to simply remove the offending clause and keep the rest of the contract alive.
Bottom line: Even if your contract relies on your information being published in the whois AND even if that clause ends up being invalid, your contract will probably remain valid, at least in the UK.