Nominet plans to start accrediting proxy/privacy services in .uk domain names, and to make it easier to opt-out of having your full contact details published in Whois.
The proposed policy changes are outlined in a consultation opened this morning.
“We’ve never recognized privacy services,” director of policy Eleanor Bradley told DI. “If you’ve registered a .uk with a privacy service, we consider the privacy service to be the registrant of that domain name.”
“We’ve been pretending almost that they didn’t exist,” she said.
Under the proposed new regime, registrars would submit a customer’s full contact details to Nominet, but Nominet would publish the privacy service’s information in the domain’s Whois output.
Nominet, getting its hands on the customer data for the first time, would therefore start treating the end customer as the true registrant of the domain.
The company says that introducing the service would require minimal work and that it does not intend to charge registrars an additional fee.
Currently, use of privacy services in .uk is pretty low — just 0.7% of its domains, up from 0.09% a year ago.
Bradley said such services are becoming increasingly popular due to some large UK registrars beginning to offer them.
One of the reasons for low penetration is that quite a lot of privacy is already baked in to the .uk Whois database.
If you’re an individual, as opposed to a “trading” business, you’re allowed to opt-out of having any personal details other than your name published in Whois.
A second proposed reform would make that opt-out available to a broader spectrum of registrants, Nominet says.
“We’ve found over the last few years that it’s quite a hard distinction to draw,” Bradley said. “We’ve had some criticisms for our overly strict application of that.”
In future, the opt-out would be available according to these criteria:
i. The registrant must be an individual; and,
ii. The domain name must not be used:
a) to transact with customers (merchant websites);
b) to collect personal data from subjects (ie data controllers as defined in the Data Protection Act);
c) to primarily advertise or promote goods, services, or facilities.
The changes would allow an individual blogger to monetize her site with advertising without being considered a “trading” entity, according to Nominet.
But a line would be drawn where an individual collected personal data on users, such as email addresses for a mailing list, Bradley said.
Nominet says in its consultation documents:
Our continued commitment to Nominet’s role as the central register of data will enable us to properly protect registrants’ rights, release contact data where necessary under the existing exemptions, and maintain public confidence in the register. It acknowledges that some registrants may desire privacy, whilst prioritising the core function of the registry in holding accurate records.
The proposals are open for comments until June 3, which means they could potentially become policy later this year.