Nominet opens up to privacy

United Kingdom

Pursuant to a stakeholder consultation carried out between March 12 and June 3 of this year, Nominet, the ‘.uk’ domain name registry, has introduced changes to its WHOIS framework, clarifying the criteria for its WHOIS opt-out policy for individuals, which allows them to omit their address details from the WHOIS, and opening the way for the privacy services to be available to all registrants.

The stakeholder consultation consisted of a series of questions made available online and, where permission was given by the respondents, Nominet has published the responses in full on its website. The responses showed, among other things, a lack of awareness of Nominet's current WHOIS opt-out procedure. In response to this situation, Nominet has stated it will be "amending its terms and conditions to clearly reference the availability of the WHOIS opt-out and provide further guidance for registrants on the eligibility criteria."

Under the current Nominet opt-out policy, an individual registrant whose domain name is not being used as part of a business or to carry out any kind of commerce can opt out of having their address listed in the WHOIS record of the domain name; their name does, however, remain listed in the record. The consultation document proposal that affiliate advertising and pay-per-click listings should generally only prevent opt-out if they were the sole use of the domain was a particularly polarising point among respondents. Nevertheless, such proposal was included in order to ensure that registrants such as bloggers that generate small amounts of revenue from such listings should not be excluded from opt-out.

Interestingly, 50% of respondents felt that registrant names should not be excluded from opt-out registrations and there was general consensus among registrars, law enforcement agencies and IP rights holders that the status quo should be retained in this regard.

The other major change heralded by the new framework is to officially recognise and allow the use of WHOIS privacy services. Under the current policy, such privacy services are not recognised by Nominet and registrations making use of them are not processed by Nominet in such a way as to recognise the underlying registrant as the true registrant of a domain name. Nominet has stated that this change will not only benefit registrants who wish to keep their details under privacy, but will also ensure that the registry has accurate information on the true registrant of the domain name.

As with the data for all ‘.uk’ registrants, the contact details of privacy services nominated by registrars will be validated by Nominet. The Registrar Agreement and associated policies will be amended in order to set out the standards registrars must meet if they use the privacy services functionality - namely, they must:

  • act as an address for service for the registrant;
  • respond to or transmit abuse complaints from third parties to the registrant; and 
  • provide contact details of the privacy service to be validated by Nominet and which will be published in the WHOIS.

Nominet has stated that it will make registrant contact information available to third parties, such as law enforcement agencies and IP investigators, upon request using the existing disclosure policy. However, the policy will be amended to include the additional step of notifying the registrar if data on a registration with a privacy services flag is to be released.

The key changes, which came into effect on September 1 2015, are outlined in this document.

David Taylor and Cindy Mikul, Hogan Lovells LLP, Paris

Get unlimited access to all WTR content