Privacy by default account setting.

Today we introduce a new account setting called:”Default Privacy Protect setting”, which you can access by clicking here.

Setting disabled.

When selected, domain name registrations and transfers will not use our privacy service automatically. This is how it used to work for years.

Setting enabled when free (and available)

When enabled all domain name registrations and transfers will automatically use our privacy service. Regardless if you use WHMCS, our API or the domain name manager.

A list of available TLDs that can be used for this service is located here.

We keep recommending this service as it is unknown if gTLD registries will continue to publish the data in the WHOIS or not. Several large gTLDs will no longer publish the WHOIS, similar to how we will operate our WHOIS server. But some of them most likely will keep publishing registrant data.

Enabled (when available)

Same as above but also will use privacy services that are not free of charge. Please check the price list in your account if that is the case.

Registration

When you register a domain name you can override your account settings if required. Select the desired action from the drop-down menu.

Current Customers.

At the moment the default setting is not active, as mentioned earlier. Due to the new ICANN contractual regulations that have been rushed out of the door on 17-05-2018 this week, we are reviewing the option to turn this on for all customers. I apologize in advance for any inconvenience this may cause.

Realtime Register GDPR TLD matrix is now public.

Last week we received a lot of positive comments regarding our GDPR TLD matrix. And we had a lot of requests to get access to the matrix.
As a push to create more GDPR awareness, we decided to publish our API on the website for the public, including the GDPR TLD matrix.

You can enter the matrix here.

Keep in mind the matrix has been developed with the Realtime Register processes in mind and in some instances cannot be merely be pasted and copied.

One comment which we received a lot last week was:”wow there are so many unknowns.”
While that observation is spot on, it is the reality we all have to deal with in the TLD industry, and it is very annoying that at this stage we still do not have clear answers.
Most registries still have to determine their position on what they will publish in the WHOIS and what not.

So feel free to use the GDPR TLD Matrix.If there is a sense amongst registrars and registries turning the GDPR TLD Matrix into a collaborative effort, feel free to contact me.

I expect to update the matrix over two weeks and add a few more categories plus more information.

GDPR update, legal definitions and possible action items.

Below, a quick update and some information which is crucial to you as a reseller regarding the GDPR.

Privacy notice
We should have the privacy notice ready for you at the end of February.

Processing agreement
We expect to send this to our resellers at the end of February, given the vast amount of different jurisdictions and number of registries this may be delayed by a few weeks.

The processing agreement is required for your contractual agreements between you and our customers.

Legal definitions

  • ICANN, joint data controller
  • gTLD registries, joint data controller
  • ccTLD registries, data controller
  • Realtime Register (registrar), data processor
  • Reseller, data controller

Data processor
I consider Realtime Register a data processor, we process the data on behalf of you as a reseller.

Data collector/reseller
As a reseller, you collect the data from your customer(s).
From a contractual point of view, it is required you have the correct legal basis from your customer(s) to send us the data, data which we, as a registrar will transfer to the registry to register the domain name for your customer(s).

Depending on the TLD and the jurisdiction of the registry operator your legal basis will vary.
In some cases, a notice is required (easy).
In other cases, you will require consent for every piece of processing from your customer (very hard).

More information on how to obtain consent from your customer for domain name registrations can be read here. As getting consent is complex to use as a legal basis, you might want to read the following article by the UK DPA, please visit the following link

The GDPR and its impact on domain names is a very complex topic and our role as data processor is limited. So, if you are unfamiliar with the definitions above, I suggest you put in some research. A Data Protection Impact Assessment (DPIA) is a good idea to get a better understanding of which legal requirements apply to you under the EU GDPR.

More information regarding a DPIA can be found here.

When does the GDPR affect you as a reseller?
The GDPR would apply only to personal data included in the registration data of a natural person where:

  • The reseller/registrar and/or registry are established in the European Economic Area (EEA) and process personal data included in registration data;
  • The registrar/reseller and/or registry are established outside the EEA and provide services involving the processing of personal data from registrants located in the EEA; or
  • The registrar/reseller and/or registry are located outside the EEA and process non-EEA personal data included in registrations, where registry and/or registrar engage a processor located within the EEA to process such personal data.

Due to its complex nature, I will provide more info about the legal ins and out of publishing personal data in the WHOIS in another blog post.