Registrar is more selective about which Whois records will be redacted in wake of GDPR.
With the GDPR deadline quickly approaching, the world’s largest domain name registrar has been mostly silent on its plans. Over the past week, I connected with GoDaddy (NYSE:GDDY) to understand what it plans to do to comply with the EU’s privacy law, especially as it relates to Whois.
Unlike many of its competitors, GoDaddy does not plan to redact Whois information for domain names registered by people outside of the EU. It will continue to publish contact information like it always has for web-based Whois searches. Because it has to redact information for EU residents, GoDaddy will no longer sell DomainsByProxy to people in the European Union but will continue to offer it to people in other regions. (Some countries are routed through others for purchasing due to common currencies and/or languages. For example, customers in Morocco are routed to GoDaddy’s France website. They will be treated like EU residents for purposes of Whois.)
GoDaddy’s decision doesn’t surprise me too much. GoDaddy was an early pioneer of Whois proxy services and has aggressively pushed the paid and high-margin product to its customers. I’m not sure how much money GoDaddy makes from DomainsByProxy but I imagine it’s significant.
Of course, GoDaddy won’t come out and say that Whois privacy revenue is the reason for its decision. SVP & GM – Domains, Kevin Doerr told Domain Name Wire:
There were many reasons we looked at keeping Whois the way it is globally. GoDaddy welcomes the privacy changes that come with GDPR, but we wanted to be thoughtful about impacting our global customers. So GoDaddy will closely monitor the impact of GDPR, as well as regulatory requirements from governments around the world, before making decisions on how to evolve our privacy and Whois practices for every customer.
Whatever the reasons, as a proponent of more public data, I’m in favor of GoDaddy’s decision.
GoDaddy will continue to restrict data on Port 43 lookups, however. Port 43 lookups will contain technical data, state and country only. This will apply to people who currently have whitelisted port 43 access, too.
GoDaddy has restricted Port 43 data since January to cut down on spam. The company has been criticized for Port 43 blocking, but the final GDPR Whois spec from ICANN is essentially in line with what GoDaddy has already done.
The net effect should be little to no spam for domain name registrants but people with a good reason to contact them will still be able to by performing individual Whois lookups on GoDaddy’s website.
Tucows, the world’s second-largest domain registration company, has announced that it will treat all Whois records the same regardless of where the registrant is located. They will all be redacted.
Even if the reason is money selling whois privacy, I’m glad godaddy didn’t just go the lazy way and block whois for everyone.
Mark Thorpe says
Smart move GoDaddy, keeping domain name whois “somewhat” public outside of the EU.
Glad most of my domains are registered at GoDaddy and that I took myself off of the port 43 whois blocking list.
How did you do it as I have my entire portfolio with GoDaddy? Thx in advance.
Mark Thorpe says
they apparently won’t do this anymore.
Thx so much!
Brad Mugford says
The whole thing is ridiculous. I have no idea how registrars or Escrow.com are going to handle things like verifying domain ownership and processing transfers.
Also this EU law certainly does not apply to people or companies outside that jurisdiction.
Registrars also need to offer a way to manually opt-in if you want your WHOIS displayed. GDPR specifically allows an opt-in clause.
I feel your pain, Brad. The GDPR clusterphuck is affecting business worldwide, and that’s the byproduct of Euro-centric bureaucrats delivering a new Orwellian era, on the excuse of data privacy.
On the subject of GoDaddy, it always broke the rules with regards to WHOIS access, ignoring ICANN regulations (and the 60 day lockdown for WHOIS changes) so why change now?