Iceland breaks ranks on Whois, will publish emails
Iceland’s ccTLD has become what I believe is the first registry to state that it will continue to publish email addresses in public Whois records after the General Data Protection Regulation comes into effect.
The move seems to put the registry, ISNIC, in direct conflict with the opinions of European data protection authorities.
The company said in a statement last week that after GDPR comes into effect May 25 it will stop publishing almost all personal information about .is registrants in the public Whois.
However, it broke ranks with other European ccTLDs and the likely ruleset for ICANN-regulated gTLDs, by saying it would not expunge email addresses:
ISNIC will however, at least for the time being, continue to publish email addresses, country and techincal information of all NIC-handles associated with .is domains. Those customers (individuals) who have recorded a personally identifiable email address, and do not want it published, will need to change their .is WHOIS email address to something impersonal.
Registrants will be able to opt in to having their full details published.
ISNIC appears to be taking a principled stand against the Draconian regulation. It said in a statement:
Assuming that GDPR directive applies fully to the “WHOIS” service provided for decades by most ccTLD registries, these new restrictions will lead to less transparency in domain registrations and less trust in the domain registration system in general. ISNIC, as many others, strongly disagrees with the view of the European parlament [sic] in this matter and warns that GDPR, as it is being implemented, will neither lead to better privacy nor a safer network environment.
It’s a surprising decision, given that privacy regulators have indicated that they agree that email addresses are personal data that should not be published.
The Article 29 Working Party told ICANN earlier this month that it “welcomed” a proposal to replace email addresses with anonymized emails or web-based contact forms.
EURid will also keep publishing the e-mail address of the owner of a .eu domain name. Even if the owner is an individual.
They claim this is allowed since this is required to be able to contact the domain name holder.
If the owner does not want to e-mail address to be published, then EURid says it’s up to the registrar to provide a service to hide the actual address.
Thank you Kevin for bringing our view to your readers. ISNIC’s stand on this is simple: It is not in the favour of our clients (The Registrants) to hinder people and companies to contact them (the domain holder) or its contacts (NIC-handles) by hiding their email in Whois. And, it is not ISNIC’s to decide if and how contacts emails should be hidden. It can be absolutely necessary for technical reason to be able contact some or even all of the domains contacts. GDPR seems to value the right to hide more than the right for information. For a long time good Registries have striven to provide accurate and trustworthy public service called “Whois” for the good of the Registrants and their domains. This good service is now being jeopardised by GDPR. If the The Icelandic Data Protection Authority orders ISNIC to hide the email address of all persons, we will of course do that – after May 25th.
Kind Regards,
Jens P. Jensen, CEO.
ISNIC the .is Registry.
Reykjavik, Iceland.