After GDPR Is Domain Privacy Still Necessary?

13 Aug, 2018 Grant Sperry Domains, Hosting, News & Updates, privacy, Security & Safety, System Administration, Tech, Tips & Helpful Information

For many years now most of us have felt compelled to pay for domain privacy when we renew our domains each year. Since domain Whois information was readily available we eventually found ourselves getting spammed badly enough that paying the extra for domain privacy was a no-brainer. But after the EU’s GDPR (General Data Protection Regulation) was implemented on May 25th of 2018 is that any longer necessary?

Domain Privacy
Before I answer that question let’s back up a bit to touch upon domain privacy, Whois, and the GDPR. Domain privacy (aka Whois privacy) is a service offered by domain name registrars. For a fee the registrar masks your contact information and obfuscates your email address with a forwarding service. This prevented spammers from bothering you while providing people a way to contact you that still preserves your anonymity. In the early days of the Internet providing personal contact information was a courtesy which rarely had negative ramifications. Over time though access to your email address in particular was abused and registrars found it necessary to provide a privacy option.

Whois
Quickly, for those unfamiliar with Whois, I’ll explain. Any time you look up info about a domain you’re doing a Whois query. Originally this was performed on the command line of early computers by simply typing the word “whois” but for many years now you can readily get this info from a web page such as https://whois.icann.org/en.

GDPR
Regarding the GDPR, it comprises three key concepts:
1) Transparency -companies establish policies and procedures to protect personal information in the event of a data breach and inform all suspected victims if the breach was successful.
2) Consent and Control -all EU residents are guaranteed the right to have control over their data and entities must prove they’re given consent to use it in any way.
3) Right to be Forgotten -EU residents can choose to remove consent from a company to use their data.

Intended to protect privacy in the digital age the GDPR approaches personal data as a foundational human right for all members of the EU. Not only does it address 21st century privacy concerns but it also includes hefty fines for non-compliance.

One Size Fits All
In response to the GDPR, OpenSRS and many other registrars decided to implement a unified implementation plan. Such an approach avoided the challenges of determining who’s an EU citizen by making Whois GDPR compliant for everyone.

Since May of 2018, Whois now looks like this:

Domain Name: XMISSION.COM
Registry Domain ID: 386865_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://www.tucowsdomains.com
Updated Date: 2017-01-24T20:33:49Z
Creation Date: 1994-03-25T05:00:00Z
Registry Expiry Date: 2026-03-26T04:00:00Z
Registrar: Tucows Domains Inc.
Registrar IANA ID: 69
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:

So, Is Domain Privacy Needed?
The Whois updates provide all substantial features of domain privacy except for an obfuscated contact email address. If that’s something you need then it’s probably still worthwhile to pay for domain privacy but most people won’t need that. Note that “Registrar Abuse” contact email and phone information can still be shown which could be used to provide contact info for spam related incidents (e.g., abuse@domain.com), for instance.

In conclusion, decide what’s best for you particular needs but individuals with domains can largely feel comfortable dropping domain Whois privacy. Businesses and other large entities should at least consider if they need it still. I would encourage XMission subscribers purchasing domains through XMission to understand their privacy protections provided by OpenSRS.