[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

General Data Protection Regulation (GDPR): Re: domains, registrars, and whois contact info. defaulting to hidden? Yes, because ...



Ah, search failure between eyeballs and brain - skimmed the subjects too
quickly.

Here's that earlier email from Gandi.net that I was thinking of:

----- Forwarded message from information@gandi.net -----
    Date: Thu, 24 May 2018 07:10:09 -0000
    From: information@gandi.net
 Subject: [GANDI] Important information regarding GDPR
      To: Michael.Paoli@cal.berkeley.edu

Dear Gandi customer,

The General Data Protection Regulation (GDPR), goes into effect this
Friday, May 25, 2018. This new European regulation grants new rights to
individuals related to the treatment of their personal data and involves
changes in the manner with which we collect, save, and share your data,
notably your personal data as displayed in the "whois"
(https://en.wikipedia.org/wiki/WHOIS).

As a consequence of this new regulation, we have modified our "whois"
tool (the Gandi whois is available here: https://www.gandi.net/whois) in
order to obfuscate all personal data, especially the first and last name
of the owner of a domain name.

Generally, for generic TLDs (that is, those like .COM and .NET that are
not country-code TLDs like .FR, or .UK for example), these changes will
involve the following modifications:


When you have our (free) private Whois service activated:

 • For the owner (also called the "registrant") of a domain name: we
   will hide the first and last name and instead we will display "REDACTED
   FOR PRIVACY". We will continue to display the name of the organization
   (company, association, etc.) and an anonymized alias email address
   (produced by our free "anti-spam protection" service) however. We will
   also replace the postal address and telephone number with Gandi's
   "private Whois" information.

 • For other domain contacts (admin, technical, billing): from here on
   out, we will replace all personal information (first name, last name,
   company name, postal address, telephone number, and fax) with "REDACTED
   FOR PRIVACY" except for the anonymized alias email address our free
   "anti-spam protection" service produces.


When you do not have the "protected Whois" option activated:

 • For the owner (also called the "registrant") of a domain name: we
   will hide the first and last name and instead we will display "REDACTED
   FOR PRIVACY". We will continue to display the name of the organization
   (company, association, etc.) and an anonymized alias email address
   (produced by our free "anti-spam protection" service) however. We will
   also replace the postal address and telephone number with "REDACTED FOR
   PRIVACY."

 • For other domain contacts (admin, technical, billing): from here on
   out, we will replace all personal information (first name, last name,
   company name, postal address, telephone number, and fax) with "REDACTED
   FOR PRIVACY" except for the anonymized alias email address our free
   "anti-spam protection" service produces.


For geographic TLDs (i.e. ccTLDs that correspond to individual country
codes, like .FR and .UK), we will display the data provided by the
registry when they conform to the GDPR requirements. Otherwise, we'll
use the same information (see above) we'll be using for generic TLDs
like .com and .net, until the registry in question makes the necessary
changes.

We will also be providing you with the option to make your personal data
public from your Gandi control panel shortly.

At Gandi we have always taken data privacy very seriously. GDPR
represents a major reform in that area. The updates that this reform
will entail, especially those related to the Whois, bring us further
down the path of improving the collection of personal data and its
subsequent treatment in relation to domain name registration.

We will continue to keep you up to date on all the actions we take to
conform with this new regulation and we are of course available to
answer your questions, whatever they may be, on this subject.

If you'd like to reach us, please do not hesitate to contact our
Customer care team:

http://help.gandi.net/

Thanks again for choosing Gandi for your domain name registration and
management. We appreciate your continued business.

Sincerely,
Gandi.net


----- End forwarded message -----

From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
Subject: domains, registrars, and whois contact info. defaulting to hidden? Yes, because ...
Date: Thu, 28 Feb 2019 22:29:33 -0800

[on-list - because ... why not?]

From: "Rick Moen" <rick@linuxmafia.com>
Date: Thu, 28 Feb 2019 21:24:09 -0800

(Tangential but possibly amusing trivia:  I checked public whois for my
two domains, and was astonished to see that every single line of contact
information has been replaced with 'REDACTED FOR PRIVACY'.  This is very
much contrary to my wishes and my longtime policy, and I never requested it.
Checking at my registrar, I find that the customer webUI clsims whois
privacy has _not_ been enabled by yr. humble servant, so there is an
'enable privacy' control offered, but the corresponding 'disable privacy'
control is absent.  I've filed a bemused request with their support
staff that they fix, as I've not requested this setting and am evidently
not permitted to turn it off as the webUI thinks it's not on.)

domains, registrars, and whois contact info. defaulting to hidden?  Yes,
because ...
Yes, I think I mentioned it elselist earlier - but can't find it presently.
I think it's mostly law of unintended consequences.
Most notably (conflict between general whois and registrar data
requirements and) EU privacy laws - that last being pretty persnickety,
and having force of law, and most, if not all, registrars, being
quite international - and generally at least having customers/users
including in the EU - and not wanting (or being feasible) to drop those
users/customers.
So, basic side effect of all that, is unless the user/customer very
highly and explicitly opts in, then their contact info. is essentially
hidden from the whois data - even if they've never opted to hide it.
I'd guestimate most registrars communicated about this change ... but
perhaps not ... and/or quietly (might've been overlooked in the "noise"
of semi-regular communications).  I know from at least Gandi.net they were
highly clear on it (but now that I think of it, joker.com may have been
quite silent on it ... or maybe only Jim Stockford was notified about
such).  Another side-effect - most registrars now offer "privacy
protection" for free - whereas they typically used to charge some
small additional fee for that (dis)service.

Yeah, ... sucks.  Defaults matter.  :-/  As does law.
And very often, due to many things (e.g. on The Internet) being
pretty international in nature, often law(s) in one country will
have impact well beyond that one country - often world-wide, or
(effectively) nearly so (probably also matters too,
how much influence, enforcement, trading partner and
economic force or lack thereof, from the country or the like with
whatever laws, ... might have much impact ... or might be
ignored or otherwise dealt with (we'll just move our company
elsewhere)).  EU copyright law and proposed changes also come
to mind ... similar for Australia and some of their rather
boneheaded bits of law (some companies are leaving).
And yes, the US does it too (often not leaders in security
and encryption - much of that may be legacy effect from
much earlier stupidity).  So, yep, ... I'm sure I have some
(much?) earlier email from Gandi.net on that.  Hmmm... can't
find that either (I may not be searching that quite right).
I'm intending to make the info. public again on the domains
I'm owner of ... haven't jumped to it 8-O ... I figured I'd do
it around renewal time or whois data verification time (when
I go check and interact with the registrar data and such anyway).

--
You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To post to this group, send email to berkeleylug@googlegroups.com.
Visit this group at https://groups.google.com/group/berkeleylug.
For more options, visit https://groups.google.com/d/optout.