Proxy Services – Comment Period

0%
 
Documentation

In responding to this comment period, you may find the following links useful:

Summary of feedback on the proposed changes to .UK policy arising from GDPR
.UK Registry – Registrar Agreement – Redline 
Data Release Policy 
Data Quality Policy 
DRS Policy 
Background 

In March 2018 Nominet sought feedback from stakeholders regarding how the .UK WHOIS service, the Searchable WHOIS service, and our Privacy Services framework for .UK domain names should adapt in light of the EU General Data Protection Regulation (GDPR) which had an enforcement date of 25th May 2018.  In April 2018 we published a summary of the feedback received regarding the proposed changes and confirmed the key changes that would be implemented:
  • Registrant data was redacted from the WHOIS from 22nd May 2018, unless explicit consent has been provided.
  • Law enforcement agencies will nonetheless be able to access all registry data via an enhanced Searchable WHOIS service available free of charge.
  • Other interested parties requiring unpublished information are able to request access to this data via our existing data release policy, operating to a one working day turnaround.
  • The registration policy for all .UK domains was standardised – replacing the separate arrangements currently in operation for second and third-level domains.
  • The .UK Registrar Agreement was updated, renamed the .UK Registry-Registrar Agreement, and now includes a new data processing annex.
  • The existing Privacy Services framework ceased to apply.
We had initially suggested replacing the Privacy Services framework with a new Proxy Service which registrars may provide on an optional basis. In response to the feedback received, this aspect of the proposal was decoupled from the bulk of the GDPR-related changes and we promised to consult stakeholders further on this topic at a later date.

The case for change 

In March 2016, in response to increasing demand for privacy online, Nominet recognised privacy services for .UK domain names for the first time.  Under the framework that was introduced, when a domain name was registered the registrant details in the .UK WHOIS were replaced by those of the privacy services provider.  Nominet, however, requested and held the underlying registrant data and was able to disclose it in accordance with our data release policy.

We are conscious, however, that since its introduction in 2016 some registrars opted to provide privacy services to end-users outside of the framework.  For .UK domain names registered in this way, via non-recognised privacy services, the privacy service provider did so at its own risk and accordingly assumed any liabilities associated with being the registrant.  As part of the changes implemented to take account of GDPR in May 2018 this Privacy Services framework was discontinued, however we are aware that a small number of registrars have continued to provide privacy services to their customers.

Feedback from some stakeholders has suggested that in light of the recent GDPR changes implemented to the .UK WHOIS the rationale for privacy services no longer remains valid.  However, registrars have also informed us that there continues to be a demand for such services from their customers.  As such we believe that it is appropriate to implement an operational model designed to meet the needs of our channel whilst ensuring that .UK remains a space that is safe and secure and we are now requesting feedback on a revised proposal.