Our internal review
In considering what changes to make we have been guided by some key principles:
- The need to ensure both we, and any partners we contract with, are GDPR compliant
- A wish to monitor, contribute to, and take guidance from broader industry discussions in order to ensure our solutions are aligned with the developing industry consensus
- The need to make sure any changes we propose provide clarity for registrants, and are as simple as possible for our registrar partners to implement
Guided by these principles, we are now proposing some changes relating to the collection and publication of registrant data via the .UK WHOIS service, the operation of our Searchable WHOIS service, and our Privacy Services Framework for .UK domain names. Our review has also highlighted changes we need to make to our .UK Registrar Agreement (RA), the contractual relationship we have with the registrars who register .UK domain names for end-user registrants.
We are also proposing some changes to specific rules relating to the registrant data we collect for second level .UK domain registrations.
This means providing better clarity on the personal data we collect and explanations of the reasons we need this data, the purposes we will use it for, and the length of time we will keep it.