Re: surely the solution is WHOI$
Does ICANN publish any data itself? For whois I though you had to go to the regional registries (RIPE, ARIN)?
That's kind of the crux of the matter. The RIRs (RIPE, ARIN, APNIC etc) run WHOIS for IP addresses, NIC handles, ASNs and other bits of data per IANA rather than ICANN. They've perhaps been a bit more grown up about GDPR, eg RIPE's policy is here-
https://labs.ripe.net/Members/maria_stafyla/how-were-implementing-the-gdpr-amendments-to-the-ripe-database
So obtaining consent for any personal data, and limiting the display. RIR's probably can also argue a better case for operational necessisty to maintain routing integrity. ICANN on the other hand..
The second main way around the law is to devise an "access program" for specific groups to be granted access to Whois data and then devise the system in such a way that corporate interests are effectively viewed as equivalent to law enforcement.
Which is ICANN's IPR issue. Their domain registration database has value if it's complete, and it's "access program" would be via a range of subscription options. Call it $4.95 for an individual database query, or say $10k per year for full access.. IPR lawyers can expense that, or bill to their clients.
Biting the hand that feeds IT
