EU GDPR, is consent the Silver Bullet for Domain Name Registrations?

Update:28-11-2017

According to the Dutch DPA, consent is not the silver bullet. 

https://autoriteitpersoonsgegevens.nl/en/news/dutch-dpa-unlimited-publication-whois-data-violates-privacy-law

This will make ccTLD registrations outside of the EU for natural persons very problematic and perhaps such registrations should be avoided, though this is not legal advice in any shape or form. 

Consent is often cited as the Silver Bullet to transfer data outside of the EU.The requirements, however, can be rather complex given the fact how registries/ICANN process and control the data.

The rules according to Art.6.1(b).

Data subjects are provided with a clear explanation of the processing to which they are consenting; The consent mechanism is genuinely of a voluntary and “opt-in” nature;
Data subjects are permitted to withdraw their consent easily;
The organization does not rely on silence or inactivity to collect consent (e.g., pre‑ticked boxes do not constitute valid consent);

  • Be specific and granular. Vague or blanket consent is not enough
  • Name any third parties who will rely on the consent
  • Make it easy for people to withdraw consent and tell them how
  • Consent must specifically cover the controller’s name, the purposes of the processing and the types of processing activity

Purpose
Consent will be needed for different processing operations wherever appropriate – so you need to give granular options to consent separately to separate purposes unless this would be unduly disruptive or confusing. As a minimum, consent must specifically cover all purposes.

Consent shouldn’t be.
Recital 32 also makes clear that electronic consent requests must not be unnecessarily disruptive to users. You will need to give some thought to how best to tailor your consent requests and methods to ensure clear and comprehensive information without confusing people or disrupting the user experience – for example, by developing user-friendly layered information and just-in-time consents.

Principles of data protection
In data protection, there is the fundamental principle which is unchanged even in the age of Big Data.

The data subject has to be in control of her/his data, which means for consent that you need consent for every each of the data processing activities (even for minor changes in the processing)

Scope

Considering that Registrars and Domain Name Resellers do business with more than 1000’s of TLDs located in more than 200 countries the complexity of getting consent “right” seems to be very difficult and complex and not recommended for domain name registrations.

The Right to be forgotten.
Individuals have a right to have personal data erased and to prevent processing in specific circumstances:

  • Where the personal data is no longer necessarily about the purpose for which it was originally collected/processed
  • When the individual withdraws consent
  • When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing
  • The personal data was unlawfully processed (ie otherwise in breach of the GDPR)
  • The personal data has to be erased in order to comply with a legal obligation

The above adds another layer of complexity. Some Registries will delete the data of the data subject; some don’t. Currently, it is unknown which policies the registries have in place. In short, consent adds a whole layer of organizational challenges. It is assumed that the withdrawal of consent does not automatically imply that the service can be terminated as consent was not ““freely given”, a requirement of the GDPR.

Given the fact how the public WHOIS system works it is unknown how the right to be forgotten should work in practice within the DNS.

More information about consent can be read here.

 

.RU reaches 4 million domains milestone

The Russian registry, ccTLD RU, announced that .RU reached the  4 million domains milestone. It took the Russian Registry two years to reach 4 million domain names registrations. ccTLD RU crossed the 3 million barrier on september 25, 2010.

English: The Coordination Center for TLD .RU l...

(Photo credit: Wikipedia)

On may 13, 2010 the Russian registry released the IDN TLD .РФ wich reached 1 million registrations within eleven months after it was launched.

.RU currently holds the 4th position in list of biggest ccTLD’s after .DE, .UK  and. NL with a little over 15 million domains for .DE, over 10 million for .UK and over 5 million domains for .NL.

For more statistics regarding .RU you can visit the following url : http://statdom.ru/

.NL Domain Names reaches 5 Million Milestone

The Dutch registry, the SIDN, announced that .NL reached the 5 million domains

.nl -- Stichting Internet Domeinregistratie Ne...

5 Million DOT NL

milestone. They archieved this milestone just a year af ther 25th birthday of the .NL domain and 15 years after the SIDN took over .NL. .NL holds the 3rd position in list of biggest ccTLD’s after .DE and .UK with a little over 15 million domains for .DE and little over 10 million for .UK

Individuals are allowed to register a second-level .nl domain since 2003. As a forerunner, individuals were allowed to register a third-level domain since 2000. Such ‘personal domains’ had the form of john.doe.123.nl. They never became popular, and registration has been suspended since 2006.

SIDN is located in Arnhem and has 1800+ Registrars.

.NL Domain Name Registration History :

  • 1997 10.000 Domain Names
  • 1999 100.000 Domain Names
  • 2004 1.000.000 Domain Names
  • 2006 2.000.000 Domain Names
  • 2008 3.000.000 Domain Names
  • 2010 4.000.000 Domain Names
  • 2012 5.000.000 Domain Names
  • 2014 6.000.000 Dot NL Domain Names ?

For more information visit SIDN.

4.9 Million, 10 Million, 15 Million.

On 16 March, Nominet the ccTLD operator for *.uk reported they had over 10 million registrations. The 10th million .uk domain name registered is SwarveMagazine.co.uk. According to whois records the 10th million .uk domain name was registered by Steven Northam.

“We’ve been growing at around the 10% for the past couple of years,” said Nominet’s chief executive, Lesley Cowley.

Yesterday, SIDN the operator for the ccTLD .NL registered more then 4.9 million registrations. .NL is one of the largest ccTLDs in terms of total registrations . SIDN celebrated its three millionth domain name registration in 2008,while its two millionth milestone was reached in 2006. 6 years later, the number of .nl domain names has more than doubled .

Denic hit the 15 million mark yesterday. The 15th million domain name is floristennetzwerk.de. .DE is the world’s largest ccTLD, and the second largest TLD.

Eurid Q4 results.

Eurid just released their Q4 results of 2011.

.EU has matured as an extension. This was demonstrated by .eu consumer loyalty,shown in the robust and stable registration renewal rate.In 2011, 81.6% of .eu domain names were renewed which was consistent with 2010’s renewal rate (81.7%) and above the industry average.

Eurid 2011 Highlights. 

  • In 2011 Eurid reached a total registrations of 3.51 million .EU domain names.
  • DNSSEC rollout started
  • Website usage research. This study revealed that 31.4% of the .EU websites are being used for business usuage. Full report here.
  • Eurid closed the case on sex.eu

Number crunching.

During Q4 2011, the number of .eu registrations increased by 100 802 domain names, or 3.0%, to 3.51 million. The total number ofregistrations at the end of Q4 represented an increase of 5.5%, or 182 275 registrations, when compared with the total number at the end of Q4 2010.

IDN registrations reached a total of 67074 registrations wich is about the same as with other ccTLD registries that offer IDN according to Eurid.

Deletions : During Q4 2011, there were 166 309 deletions.

Domain disputes. Eurid offers an alternative dispute system (ADR) and received 12 cases in Q4, wich is the same amount as in Q3 2011. This trend is comparable with the amount of cases that WIPO received.

For more info about the Q4 2011 results download the PDF here.