The GDPR (General Data Protection Regulation) = DSGVO (General Data Protection Regulation) comes into force on 25 May 2018. With this article, we would like to give you a brief overview of our plans on how to deal with some of the concerns that arise from the GDPR regarding the processing of registration data currently published in Whois and how this will affect the future Domain registration services.
The benefit of GDPR
Privacy is about having control of your data and GDPR will ensure that private individuals have more control and information on how their personal information will be published and processed.
While compliance with the GDPR is challenging for all involved parties, it will ultimately help to protect private data of Internet users from abuse and misuse both by restricting processing and by improving security. It will also help users to get a better idea of how their personal data is processed by whom and why, and how to take action against incorrect or illegal processing.
Processing data in the context of GDPR
Processing of private data will be limited to a certain extent, especially with regard to its transmission and disclosure.
However, we do not control the processing of data on each instance. Where we act as mere data processor we need to follow lawful instructions of data controllers such as ICANN and the registries in order to be able to continue to provide our services to you.
This also means we will need to continue to request full contact data both for our own business purposes under the GDPR as well as the legitimate purposes of the data controllers, but we will restrict processing and data transfers as much as possible. Publication and transmission of personal data will be reduced as summarized below.
Reduced publication and transmission of whois data
Reduced data provision by our whois server: The contact data provided by our whois server only includes data of domains managed by us in so called “thin” registry gTLDs, such as .com, .net, .cc, .tv, .jobs. To comply with GDPR requirements, we will reduce publication of contact data in whois to only a few fields. All other fields will be redacted or replaced.
Reduced data transmitted to gTLD "thick" registries: Contact data transfer to so-called gTLD thick registries (such as .info, .org, .xyz.) will be reduced to only a few fields as well unless we can be certain that both data transfer as well as the GDPR compliance measures taken by the registry operator are in full compliance with the GDPR.
In particular the data coming from our whois server and transmitted to non-compliant gTLD thick registries will be reduced to:
For organizations (O-handles, if the "organization" field is filled out and no first, middle, last name is given):
For private persons (P-handles, if no organization is given):
An Opt-in function to disclose data will be made available for all contact handles (Owner, Admin, Tech, Billing) in the near future. The underlying technical process is very similar to contact verification, i.e. the registrant will receive an email to approve or decline disclosure of her or his data in Whois. This will allow each individual contact holder to select for a particular contact handle whether he wishes his data to be disclosed in the whois.
Please note that even if a contact holder decides to disclose his details in our system, this does not mean that the registry controlling the Whois output will also disclose this data. Work is currently ongoing at ICANN to harmonize this approach.
Contact to an undisclosed entity
As the email address is no longer shown in whois, we will introduce the possibility to contact the registrant through a web form. Inquiries sent through this form will be sent to the respective contact of record.
The individual link to the web form will be published in whois, typically in the "Email"-Field.
Transfers from and to other registrars
We currently envision that contact data should be made available for certain purposes, in particular transfers from and to other registrars. This would allow data transmission for transfers.
However, this matter is still subject to additional reviews and may be changed accordingly.
Data in the whois of ccTLDs
ccTLD registries operate own whois Servers and must individually comply with GDPR. We are currently in the process of reviewing the plans supplied by the registry operators to determine the individual approach for each ccTLD.
In some cases changes to our backend connection to ccTLD registries will need to be applied where we have determined that we will not be able to process and/or transfer data under the GDPR. These planned changes will not affect the handling of the ccTLDs in our external gateways, portals and APIs, i.e. we expect no "code-breaking" changes for our customers.
You can now submit your binding applications for .app domain names! This new TLD of the Google Registry wants to offer a more secure name space for developers, entrepreneurs, and businesses to showcase their apps to the world.
.app is an encrypted-by-default TLD by virtue of being inscribed in the HSTS Preload list. As such, all second-level domains under .app will only load on modern browsers if a valid SSL certificate has been configured and the web server is serving HTTPS.
Important information: This behavior of .app must be clarified to registrants. A respective notification must be integrated as part of the registration flow and presented prior to purchase. It cannot be embedded in other terms of service, nor require the registrant to follow a link to obtain the information. You may use the following sample text of the registry for the notice. On demand of the registry, the reseller will have to provide screenshots of the purchase flow including the notice. You have to confirm that you have understand and will comply to these requirements by transmitting the parameter X-ACCEPT-SSL-REQUIREMENT = 1.
.app is a more secure domain, meaning that HTTPS is required for all .app websites. You can buy your .app domain name now, but in order for it to work properly in browsers you must first configure HTTPS serving. For more information about configuring HTTPS, including resources to obtain an SSL certificate, please contact our support.
Please note: The SSL requirement is enforced at the browser level, so there is no mandated order of purchase. The HSTS Preload list, to which .app is inscribed, only forces encryption on HTTPS connections, thus, .app domain names that do not have an SSL certificate configured may still be used for other services like e-mail and non-browser based uses such as defensive registrations.
Sunrise: From March 29 (16:00 UTC) until May 1 (15:59 UTC). Only for trademark holders with a valid signed mark data (SMD) file. First-come, first-served. Early Access Program (EAP): From May 1 (16:00 UTC) until May 8 (15:59 UTC). First-come, first-served General Availability (GA): As of May 8 (16:00 UTC). First-come, first-served.
Please note: Applications can be submitted until 1 hour before the end of Sunrise / EAP respectively before begin of General Availability.
CENTR's DomainWire Global TLD Stat Report (Q3/2017) has been published. The report covers the global status and registration trends in all TLDs, with additional focus on the European ccTLD market.
Highlights from the report:
1. Global market
Global domains under all TLDs have contracted slightly due to declines in several larger new gTLDs. Without these outliers, global growth was 2.5% YOY and combined domains globally are an estimated 311 million.
ccTLDs make up around 40.7% of the global TLD market, with the remaining split between legacy gTLDs (52.7%) and new gTLDs (6.6%)
Of the top 15 largest TLDs globally, the ccTLD .ca (Canada) had the largest YOY growth at 5.5%
Most categories of the new gTLDs have continued to grow, except for some of the more generic-termed TLDs such as .xyz and .top.
The 58 geographic TLDs around the world have an average of 11,000 domains under management. Combined growth of this category over the past 12 months was 8% with a median rate of 1.8%. The largest geo-TLDs are .london, .nyc and .tokyo
High-growth new gTLDs over the past 12 months include .men, .loan, .stream, .kiwi and .???.
2. European market
Median growth trends amongst European ccTLDs continue to stabilize after a long period of slowdown. Several larger ccTLDs (+1M registrations) have also seen increasing growth trends over the past year. Some of the stabilization and turn-around in growth might be attributable to decreases in average deletion rates.
High-growth ccTLDs in the region over the past year include .se (Sweden), .pt (Portugal) and .al (Albania); of the larger ccTLDs, most have a growth rate of around 2%
ccTLDs make up an estimated 58% of the European market (against locally-registered gTLDs). New gTLDs make only 2% of the European market (far lower than the global proportions).
As we informed, the following changes apply to .ie (Ireland) domain names: The extension X-IE-DOMAIN-CATEGORY has become obsolete and the extension X-IE-OWNER-REMARKS has been added as an optional parameter.
Now we would like to inform you about further updates regarding .ie domains:
1. The values for the parameter X-IE-APPLICANT-CLASS will change on January 9, 2018 (10:00 UTC).
The following classes will apply:
The existing classes will be mapped to the new classes for API commands and forms:
OLD CLASS => NEW CLASS:
Body Corporate (Ltd, PLC, Company) => Company
Sole Trader => Business Owner
Unincorporated Association => Club/Band/Local Group
School/Educational Institution => School/College
Statutory Body => State Agency
Constitutional Body => State Agency
Discretionary Applicant => Blogger/Other
Natural Person => Blogger/Other
2. In addition, the rules for registering .ie domain names will be changed in March 2018.
The need to explain in a separate form why a registrant want a particular name (also called "claim to the name") when registering .ie domain name will be removed. Anyone with a real connection to Ireland will be able to register any available .ie domain they want.
In the meantime, it is important that registrants protect their brand and register any available names they need before the rules change. The only way to ensure that no one registers a domain they want or need is to register it themselves. More information about the planned policy liberalization for .ie domains can be found here. (https://www.iedr.ie/liberalisation/)
We are now accepting your binding applications for .radio domain names.
The following eight launch categories are running simultaneously. The allocation will happen at the end of the timeframe according to the hierarchy of priority status of each category. The priority is descending from Sunrise to Landrush. Statement of intended use for the domain name is required in all phases/categories. Sunrise: From August 23 (00:00 UTC) until October 31, 2017 (00:00 UTC). Only for trademark holders with a valid signed mark data (SMD) file. Unions of broadcasters: From August 23 (00:00 UTC) until October 31, 2017 (00:00 UTC). Only for International Alliances of radio and/or television companies. Broadcast radios: From August 23 (00:00 UTC) until October 31, 2017 (00:00 UTC). Only for Official Radio Operators. Internet radio: From August 23 (00:00 UTC) until October 31, 2017 (00:00 UTC). Only for Internet Radio Operators. Amateurs: From August 23 (00:00 UTC) until October 31, 2017 (00:00 UTC). Only for Radio Amateurs using a license to operate in the radio frequency spectrum. Professionals: From August 23 (00:00 UTC) until October 31, 2017 (00:00 UTC). Only for currently active Radio professionals. Related companies: From August 23 (00:00 UTC) until October 31, 2017 (00:00 UTC). Only for companies of any kind producing goods or developing activities or services for the .radio community. Landrush: From August 23 (00:00 UTC) until October 31, 2017 (00:00 UTC).
General Availability: As of November 15, 2017 (00:00 UTC). First-come, first-served.
PLEASE NOTE: Applications can be submitted until 1 hour before the end of Sunrise or the other parallel categories respectively before begin of General Availability.
The .sc registry announced the release of automated premium registrations for 1- and 2-character and former registry reserved .sc domain names on September 1, 2017 (15:00 UTC). .sc ist the country-code top level domain of Seychelles.
If you are interested in the list of available domains, please contact our support team.
Please note that the .tel registry has recently introduced premium domains in seven premium tiers. This concerns:
- all 3-character numeric domains
- all 3-character letter domains
- all 4-character numeric domains
- all 4-character letter domains
- and a limited number of mixed numeric and letter 3 / 4-character domains
These domains are now handled as premium domains in our system.
The renewal fee for .tel premium domains will be lower than the premium registration price but higher than the regular .tel price scale. The exact renewal fee can be retrieved via our Support Staff. This also applies for legacy domains.
We are now accepting your binding applications for .boston domain names.
Sunrise: From August 1 (16:00 UTC) until August 31, 2017 (16:00 UTC UTC). Only for trademark holders with a valid signed mark data (SMD) file. First-come, first-served. General Availability (GA): As of October 10, 2017 (16:00 UTC). First-come, first-served.
Please note: Applications can be submitted until 1 hour before the end of Sunrise respectively before begin of General Availability.
smdfile0 = [Line 1 of your SMD file] - REQUIRED
smdfile1 = [Line 2 of your SMD file] - REQUIRED
smdfile2 = [Line 3 of your SMD file] - REQUIRED
smdfile3 = [Line 4 of your SMD file] - REQUIRED
trademark = [Your token] - REQUIRED