From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so.
The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018. Nominet, the .UK registry, is proposing changes to comply with the new GDPR legislation across all areas of the business.
Nominet still needs to record who .UK domain names are held by in their registry database. Traditionally, .uk WHOIS has allowed anyone to check “who is” the registrant.
Nominet has now opened a comment period until 4 April on its .UK proposals to comply with GDPR legislation.
In summary, Nominet proposals are as follows:
- From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.
- For registrants who wish for their data to be published in the WHOIS, we will provide appropriate mechanisms to allow them to give their explicit consent.
- We will continue to work in the same way as now with UK law enforcement agencies seeking further information on specific domain names via our existing data release policy and via an enhanced version of our Searchable WHOIS service, available free of charge. Those users will have automatic access to the names and addresses we hold.
- Any third party seeking disclosure for legitimate interests can continue to request this information via our Data Release policy, free of charge.
- The standard Searchable WHOIS will continue to be available, but will no longer include name and contact details to ensure GDPR compliance. Those outside law enforcement requiring further data to enforce their rights will be able to request this through our existing Data Release policy.
- The proposed new .UK Registry-Registrar Agreement (RRA) includes a new Data Processing Annex. This sets out terms for how we would work with our registrars when processing registrants’ personal data during the registering, renewing, transferring or managing of .UK domain names to ensure GDPR compliance.
- The Privacy Services Framework will be replaced with recognition of a Proxy Service, within a new .UK RRA to allow registrars to offer proxy services to registrants who do not wish to have their details passed to Nominet.
- Additionally, we propose changing the rules for the data we collect for domain names that end in second-level .uk domain registrations, such as example.uk. We will no longer require a UK ‘address for service’ bringing this into line with third-level .UK domains such as example.co.uk, example.org.uk and so on.
Further details including links to all redline copies of the relevant documentation are available here. You can find just the redline versions here.
A webinar for Nominet members to hear more about these proposals will take place on Wednesday, 7 March from 2.00-3.00pm GMT.
These changes cover the .UK namespace. Pending outcome of ICANN discussions, and feedback from this comment period, Nominet will set out a proposed approach for GDPR compliance for .cymru and .wales domains.
ICANN has proposed an interim GDPR model, including an accreditation program for full Thick WHOIS data access.
This will continue to stifle domain name sales. In the past it was easy to find and contact a domain name owner about a purchase or sale.
I suggest domain name owners start pointing their unused domain names to a page with their contact information.
You are Spot On, with this advice : = ( I suggest domain name owners start pointing their unused domain names to a page with their contact information. Kudos Michael
Gratefully, Jeff Schneider (Contact Group) (Metal Tiger) (Former Rockefeller IBEC Marketing Intelligence Analyst/Strategist) (Licensed CBOE Commodity Hedge Strategist) (Domain Master )http://www.UseBiz.com
What about tools that store historical whois details e.g. DomainTools and DomainIQ.
Won’t they be in breach of such privacy laws moving forward?