Why we’re consulting on our WHOIS contact data policy – Eleanor Bradley

12th March 2015

First, as internet use has become more sophisticated and more complex, the distinction between private and commercial web domains has blurred. For example, is a personal blog with pay-per-click advertising private or commercial? What about a site that includes a link to a product purchase on a different site?

When you register a .uk domain, Nominet is given the name and address of the person you’ve entered as the registrant (e.g. you or your business). These are then published in the .UK WHOIS, a free public tool we provide to enable internet users to look up who’s behind a domain. Our current policy allows domain holders who are individuals and not using the domain in the course of trade to opt out of having an address published. Businesses, and individuals using the domain in the course of trade, are not able to opt out. Given the blurring of definitions and changing expectations, we think our policy on who is eligible for the .UK WHOIS opt-out needs clarifying.

Second, there’s increasing public concern about online access to personal information, evidenced by a rapid increase in privacy services offered by registrars (the specialists who register domains with Nominet on behalf of consumers). The number of domains being registered to privacy services has grown from about 300 per month at the beginning of last year to 6,500 per month now. The issue with this is that currently, if you’re using a privacy service for your domain, the privacy service provider becomes the official domain-holder in our registry. They hold all the rights to that domain – which could be bad for you, and all the responsibilities and liabilities – which could be bad for them.

We’re consulting on two proposals to address these issues.

1. Our .UK WHOIS opt-out service

We’re proposing to refine the requirement for a domain holder to be an individual and not using the domain for trade. To be eligible, the holder must still be an individual, but the second part would be replaced with more specific tests, in that the domain name must not be used to:

  • transact with customers (merchant websites)
  • to collect personal data from subjects (i.e. data controllers as defined in the Data Protection Act)
  • to primarily advertise or promote goods, services, or facilities.

We expect the effect of this would be a slight expansion in the number of individuals eligible for the free opt-out, as well as providing greater clarity around who is and isn’t eligible. For example, bloggers making pennies out of pay-per-click, but not taking orders, would be able to opt out.

2. Registrars’ privacy services

We’re proposing a framework that would ensure registrars offering privacy services still provide Nominet with accurate contact data for the intended domain holder.

This would mean that, if you’re a domain holder, you’d be able to use a registrar privacy service without giving up your rights as the official registrant of that domain. Both Nominet and your registrar would hold your contact data, but it would not be published in the .UK WHOIS.

For registrars, this would mean that there’s a clear contractual framework for offering privacy services for .UK domains, and the ability to do so without becoming the legal registrant for the domain.

Together, we think these proposed changes will help ensure we’re striking the right balance between giving domain holders choice and control about what contact data they publish online, and making sure we have the data essential for the fair, efficient and secure operation of the .UK namespace. As ever, we look forward to hearing people’s suggestions and thoughts on these proposals.

The consultation will run from 12 March 2015 until 3 June 2015. Please visit nominet.org.uk/WhoisConsultation for more information about the proposals, and to submit responses.