whois logo

WHOIS changes for GDPR

The European data protection authorities have expressed concern over the unlimited publication of personal data of domain name registrants in the WHOIS. Typically at the moment when you register a new domain name you are bombarded with marketing calls and emails for a week or more.

Starting this week, you’ll see that the data on WHOIS for domains owned by EEA registrants is getting masked. This masking process is automated, will be ongoing and will be completed across all relevant domains on the platform.

For all existing domain names, if either of the Registrant, Admin, Tech and/or Billing contacts is identified as being from the EU, we will mask the WHOIS output for that domain name with placeholder details in place of the users’ personal information (this service will be referred to as “GDPR WHOIS Protection”).

Here’s an example of how the changes will look on a typical .COM domain name:

gTLD masked WHOIS example
gTLD masked WHOIS example

Some domain extensions are using their own interpretation of the GDPR so there are varying levels of masking in these domains (.UK is such an example).

Nominet WHOIS post GDPR
Nominet WHOIS post GDPR

Also to note that: access to personal data of domain name registrants may be granted when such access is necessary for technical reasons such as for the facilitation of transfers, or for law enforcement when it is legally entitled to such access.

Domains that have a paid-for “Privacy Protection” service will still enjoy this service – it has the important difference that enquiries using the web form/email address given in the Privacy Protection on the WHOIS will be forwarded to the Registrant. This is not the case (nor possible) on the GDPR masked domains.