Tiered Access – Gated Whois FAQ’s
Q What is the Tiered Access Directory (gated Whois)?
The Tiered Access Directory is Easyspace’s “gated” version of the Whois directory. It allows accredited third parties, such as members of law enforcement, to view the contact data of domain registrants who use our platform.
Up until 25th May 2018, the registration data for all domain names was, by default, published in the public Whois directory, where it was visible to any party who performed a “Whois lookup” on a domain.
With the advent of the GDPR and other similar privacy laws, however, the public display of this personal data has become problematic. This led Easyspace to the decision to redact real contact data from the public Whois. Alongside this change, we implemented our gated Tiered Access Directory as a means for parties with a legitimate legal interest to access this personal data, while ensuring it is not unnecessarily exposed through display in the public directory.
Q Why can’t I see real contact information in the public Whois anymore?
Under the GDPR, personal data may be collected and processed only when there is a legal reason to do so. This means that the public Whois system as it exists today is incompatible with the principles of data privacy that the GDPR affirms.
Q How will Whois change?
Easyspace has implemented a new “gated Whois” system. Under this new system, the registrant, admin, and technical contact information for registered domains will no longer be visible in the public Whois database.
“Full” Whois data for registered domains will only be accessible to legitimate and accredited third-parties, such as law enforcement, members of the security community, and intellectual property lawyers, through the gated Whois. This “full” Whois data will be limited to those personal data elements that we have obtained permission to process, either via contract or via consent of the data subject.
This switch to a gated Whois was made in an effort to reconcile our GDPR-imposed restrictions with our ongoing obligations as an accredited registrar. As of 25th May 2018, registrant information—name, organisation, address, phone number, and email—will be considered personal data that can no longer be published in the public Whois. However, we feel authenticated access to this information, in a specific and limited manner, must be provided to those with legitimate reasons to request it. A gated Whois system will allow for this, while also ensuring that private information remains guarded from the general public.
Q Is it possible to opt-in to the display of real data in the public Whois?
At this time, it is not possible to choose to have real registrant data displayed in the public Whois record. We are working on making this option available in the near future while remaining compliant with data privacy regulations.
Q In the gated Whois, what data will be displayed?
Registrant contact data which is held based on contract, and data for which we have consent, will be displayed in the gated Whois — unless the domain is privacy-protected. If the domain has Contact Privacy, the Privacy masking data will be displayed both publicly and within the gated Whois.
Q Will the public Whois output still display domain dates, status, nameservers, and sponsoring registrar?
Yes. The technical data (the top section of current the Whois output) will show up in the public-facing lookup.
Q What is the difference between the output in the gated Whois and the output in the Contact Privacy (Whois privacy) Whois?
The gated Whois is a portal where accredited third-parties can access “full” Whois information, and the output available here includes personal data that is hidden from the public Whois. However, the Whois output for domains with Contact Privacy (Whois Privacy) will remain the same as it is prior to May 2018, both in the public Whois and in the gated Whois. This means that contact privacy details, including a contact privacy email, will be displayed for domains with ID Protect (Whois Privacy) in the gated Whois.
Q Will the GDPR-related changes to the Whois affect non-EU domain registrants?
Yes. We are applying all Whois-related changes platform-wide, meaning all registrants will receive the same level of data protection regardless of citizenship or location.
Q Will the gated Whois show information for privacy-protected domains?
Access to the gated Whois will only reveal information which was public prior to 25th May 2018. It will not reveal the Whois information for privacy-protected domains. In fact, the Whois output for privacy-protected domains will be the same in both the public and gated Whois, and we will continue to require a court order or other legal documentation for access to this information, as we do today.
Q Should I still consider activating Contact Privacy?
Whois privacy will continue to remain a valuable service to registrants worldwide. Even when the public Whois “goes dark”, there will still be a gated Whois, where registrant data will be made available to parties with a legitimate interest. So, while the audience for registrant data will no longer be the entire public, it will still be sizable. This is where Whois privacy comes in—if privacy is active on a domain, the personal data in the registration record will remain protected from those with access to the gated Whois. The service also provides a way for third parties to contact the domain owner via the privacy service email address displayed in the Whois output, an option that will not be provided as a part of GDPR data protection. In addition, the personal data associated with a domain that is protected by Whois privacy will not be shared with registries.
Q Update the Whois contact information associated with my domain
To update any Whois contact information, including email addresses, log into your control panel, go to Domain Management, select “Edit” beside the domain and scroll down to WHOIS CONTACT DETAILS.
Q Transfer of Ownership, Change of Registrant and Domain Trades
The transfer of domain ownership from one individual or organisation to another is governed by ICANN’s Inter-Registrar Transfer Policy. The process is sometimes also referred to as a change of Registrant or domain trade. Transferring ownership of a domain is accomplished by updating the owner contact information in Whois. Under the current ICANN policy, both the old Registrant, and new Registrant must approve modifications to this information. A confirmation email is sent to both the old Registrant email and the new Registrant email. Each party must follow the link provided to a confirmation page, where they grant approval of the transfer.
This same process also comes into play when minor updates to Whois contact information are made. Please see below for an in-depth explanation.
Updates to Whois Contact Information
ICANN has determined that Registrants are unique and identifiable by their specific combination of:
- First Name
- Last Name
- Organisation Name
- Email Address
This means that a minor change to any of the above-mentioned fields in the owner contact information, will, legally speaking, initiate a change of ownership. Take a look at the example below, which involves a simple update to the organisation name field:
Old Registrant Information
|Organisation Name :||Amazing Business Inc.|
NEW Registrant Information
|Organisation Name :||Associates & Associates|
Both the old and new Registrant will have to approve of this change. In the example above, firstname.lastname@example.org would receive two emails, both of which must be approved in order for the transfer of ownership to take place.
Q Whois Data Reminder Policy (WDRP)
This policy is enforced by ICANN and requires all Registrars to annually present each Registrant with the current Whois info associated with the Registrant’s domain(s).
This information is sent via email to the Registrant in a WDRP message. The message contains a link to a page where the Registrant may update their Whois info, should they need to do so. If the Whois info is still up-to-date and complete, no action is required on the part of the Registrant. A lack of response on the part of Registrant is assumed to mean that the Whois info presented was accurate.
Easyspace sends a WDRP message to each Registrant 120 days before their domain’s expiry date. For domains that are registered for multiple years, this information is sent via email, 120 days before the anniversary of the domain’s initial registration date.
Q Whois Verification
When a domain is registered, or the contact details listed in Whois for a domain are modified, the updated information must be verified. This process is referred to as Whois Verification.
The whois verification process is simple
An email containing a link to a confirmation page is sent to the Registrant, and they must then confirm the following fields:
1. First Name
2. Last Name
3. Organisation Name (if applicable)
4. Email Address
The Whois verification process is triggered by the following:
1. Registration of a new domain
2. Transfer of a domain to a new owner (accomplished through updating the owner contact info)
3. Minor updates to the owner contact information (Ex: From John Doe, email@example.com to Johnathan Doe, firstname.lastname@example.org
NOTE that this minor change to the first name is still legally considered a “transfer of ownership.”
IMPORTANT when changes to the owner are made, we first check to see if a previously validated record exists for the updated combination of first name, last name, and email address. If an exact match exists, the domain will be considered validated and is therefore exempted from the Whois verification process. No further action is required. When the owner contact details listed in a domain’s Whois info are modified, the Registrant is required to verify the changes within 15 days.