The Difficulties of Domain Monitoring After GDPR


    Europe’s General Data Protection Regulation (GDPR) laws went into effect on May 25, 2018, to help EU citizens and residents gain control over their personal data. By default, GDPR requires businesses that take advantage of personal data to use the highest privacy settings possible. This offers EU citizens a tremendous level of control and privacy as well as the ability to understand how their personal data can be used across the Internet.

    One of the services most affected by GDPR is WHOIS, the public domain registration information coordinated by ICANN. As a prerequisite for domain name registration, ICANN has required information like names, phone numbers, and addresses to be collected and displayed in the public WHOIS database. However, GDPR overrides these rules, displaying “Data Protected” in place of previously accessible contact information.

    Though ICANN passed a temporary specification for domain names that allows for domain registrars to collect registration data, access to that data is limited to a tiered system of third parties with legitimate purposes. However, the definition of “legitimate purposes” is vague, making it difficult to ascertain who may be granted access to this data.

    These changes added many challenges to domain monitoring services. Because privacy is enabled by default, it’s difficult to contact domain registrants unless they’ve chosen to allow public access to their data or displayed contact information on their website. Under the temporary specification, the name, address, email address, and phone number of the domain name registrant, technical contact, and administrative contact will remain hidden. In cases of copyright infringement, this means legal proceedings may be one of the only ways to receive a disputed domain’s contact information.

    Because of the privacy complexities GDPR has introduced, brands wishing to manage domain names and trademarks online are best served through domain monitoring services. A centralized domain portfolio allows for brands to manage and consolidate all domains and trademarks globally, including all new TLDs. For domain registries that require local contact addresses, domain monitoring services can provide registration on a customer’s behalf — while keeping the contact information anonymous and private.

    Though privacy will be enabled by default with GDPR, individual contacts will be allowed to control how their data is handled and displayed. And because email addresses are hidden in WHOIS, links to contact web forms may be possible so domain owners can still be reached. Domain monitoring services can help streamline this process, ensuring that brand protection and privacy remain stronger than ever before.