Back in July we talked about the new GDPR (or General Data Protection Regulation) and how it is making changes to the privacy policies on your website. Today, we will take a look at how it affects privacy policies at the domain level.
Every domain name on the Internet is listed in a database called WHOIS. WHOIS is managed by the Internet Corporation for Assigned Names and Numbers (ICANN). You can think of WHOIS as the Yellow Pages of the Internet. When a WHOIS query is submitted, it returns information such as the person or organization that registered the domain name, the expiration date, the domain registrar, where the domain is hosted, etc.
WHOIS has long been a valuable source of information – it is often used by security specialists for investigative purposes, by consumers to verify the legitimacy of an ecommerce website, by individuals or organizations looking to resolve domain name or trademark disputes, and even by people who are interested in buying domain names.
Domain WHOIS Privacy
Domain WHOIS privacy is the masking of all personal information about a domain name. You may recall there was a time when you registered a domain name that you were able to choose whether to opt in or out of domain privacy. For example, if you had opted for Domain Privacy when you registered your domain name at Doteasy, your personal information will be replaced by Registrant Privacy and domain.com@RegistrantPrivacy.com on WHOIS.
Well, that all has changed since the GDPR came into effect.
Domain WHOIS after GDPR
When the GDPR came into effect in May 2018, ICANN has taken the decision to require domain name registries to remove public access to contact names and details of domain name registrants, in order to protect the personal data and privacy of those registrants under the GDPR. In other words, even if you opted out of domain privacy, your information is masked. This explains the influx of inquiries about unexpected WHOIS record changes.
Here is an example of a WHOIS query post-GDPR,
As you can see, the information available is rather thin – the critical information for the domain registrant is no longer publicly available, and the only information left accessible is the name and URL of the registrar responsible for this domain name.
So, what happens if you need to contact the domain registrant (ie. a domain name dispute)?
In the case of domain name disputes, there is still a way for you to access the domain registrant information, but you will need to do so through the sponsoring registrar. The Registrar’s information is still accessible through a WHOIS query. The registrar is obligated to respond to you in a reasonable time and ICANN advises that if you do not get a response, there is a complaint mechanism available.
We will continue to look at another significant impact the GDPR has on domain names in another post – Domain Transfers post-GDPR. Stay tuned…