As you probably know by now the General Data Protection Regulation (GDPR) enters into force on May 25th.
In light of this a lot of companies have been making changes with how they collect, process, store and use personal information. While many of the changes are “behind the scenes”, others will have an impact at some level on our clients and how they interact with various products and services that we offer.
In the case of IE domain names there have been quite a few changes in the past few months.
Previously the IEDR’s WHOIS output used to include information about what type of registration was related to each domain. With the recent change in the IE domain policy that information is no longer requested, so the information is no longer collected, so the fields have been removed from the public whois.
So, for example, here’s the current whois output for antivirus.ie, one of our domain names:
descr: Blacknight Internet Solutions Limited
person: Michele Neylon
person: Blacknight.ie Hostmaster
IEDR will be making some changes to how they handle whois data in order to deal with GDPR. As can be expected there are two “buckets” – domains associated with companies, state bodies and others that would fit into the category of “legal person” and domains associated with everything else.
So what’s changing?
While the current whois does not include phone numbers or email addresses of registrants it does contain “personal information” which could be replaced or removed. So, for example, in the case of a domain registered to a company the contact’s name will no longer be published and just the NIC handle will be displayed.
With registrations involving private individuals (and other non-legal persons) the registrant will be left blank, but the admin-c and tech-c handles will still be published, but the names associated with them won’t. To make things a bit clearer the “registrant” data field will be now referred to as “domain holder”.
So the amended whois output for one of my personal domain names will probably look something like this:
Account name: Blacknight Internet Solutions Ltd
Registrar abuse contact: firstname.lastname@example.org
NB: The exact fields that will be displayed and how they’re labelled could change.
Registrants will be able to “opt in” to display more data in public whois if they choose, which might make sense for some organisations.
IEDR will also be making changes to how they process data in general, which has been an area of concern for us for some time. With the simplification of the policies the volume of documentation required has been reduced, however we will still very concerned about the large volume of personal information that was being collected, processed and retained. While the final policies and documentation on these matters are not 100% finalised we and other registrars have been working closely with IEDR staff to ensure that the approach adopted is loyal to best practices in terms of data security, minimisation and respect to privacy.
We’ll update our clients as the changes are finalised.