Nominet and GDPR
- Posted by:
- GDPR, Nominet, Data Privacy, Data Protection
- Posted date:
Nominet and GDPR
Set to come into effect on the 25th May 2018, the EU General Data Protection Regulation is at the forefront of everyone's minds. The new law calls for more transparency in data collection and processing. It sets strict standards for the protection of the subject's data privacy. The looming threat of a €20 million fine has motivated corporations such as Google and Amazon to review their privacy policies to be GDPR compliant.
So far, the GDPR has caused an impact on almost all industries around the globe. But it has not sparked as much debate elsewhere as it did regarding one of the IT industry's favourite databases- WHOIS.
WHOIS is a registry database which stores registration information about domain names. The registrant name, address and contact information are free to view for public users to check "who is" the owner of the domain. Previously, this had been a valuable resource for telemarketers and spammers to obtain personal information.
Naturally, GDPR doesn't like that.
As the UK's official registry service provider, Nominet holds registration details for more than 10 million .uk domains. Most of which is available to view by the public on the WHOIS database. So, will WHOIS become WHOWAS on the 25th May?
On the 1st March 2018, Nominet opened a comments period on their proposed changes to be compliant with GDPR. They have stated that "the .UK WHOIS will no longer display the registrant’s name or address unless they have given permission to do so". The GDPR pushes for a Privacy by Design approach, which can be briefly described as "hide now, ask consent later". While this may sound a simple fix, it collides with the WHOIS Privacy service offered by many registrars at a premium.
The WHOIS database is not only used by spamming marketers. It's also often used by brand protection professionals to seek out those in breach and law enforcement to track down criminals. Nominet has proposed a multi-layer access to WHOIS in order to continue these services. UK law enforcement agencies will automatically have access to the registrant information held by Nominet. Other third parties can request information via their Data Release Policy for legitimate interests or to exercise any rights. For standard public users, the registrant's name, address and contact information will no longer be available to view.
They have further proposed a new Registry-Registrar Agreement (RRA) which outlines how they should work with registrars when processing the registrant information when transferring and registering domains.
There are other proposed changes which you may be interested in; the full document is available to read here.
Easy Domains take data privacy and security seriously. To see how we work to protect your personal data, simply follow this link to see how we incorporate Privacy by Design.