Nominet WHOIS changes fuel privacy fears

From November 2002 Nominet will broaden the ambit of information it discloses relating to '.uk' domain name registrations, as contained in its WHOIS database. Website operators are worried that these changes will put their privacy at risk, exposing them to identity theft.

Currently, Nominet's WHOIS search provides limited information in relation to '.uk' domain names, such as the date of registration and the registrant's identity. Nominet plans to expand the scope of disclosure to include the full name and address of registrants, together with renewal details.

The disclosure of this type of registration information is not uncommon. Many domain name registrars in other jurisdictions, including Australia and the United States, provide this information in WHOIS search results. Also, domain name registrars that are accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) are required by ICANN's registrar accreditation agreements to obtain such contact information from registrants and to provide it publicly through a WHOIS service.

Nominet's plan has caused concern that (i) registrants' privacy will be threatened, or (ii) Nominet will breach its obligations under the UK Data Protection Act 1998. However, neither of these concerns appears convincing. First, there is a strong argument that the public should be able to determine the full details of website operators (as can be done in relation to companies), especially where a commercial venture is being operated from a website. Second, Nominet states on its site that it is registered as a data controller and its use of registrants' data will comply with the act.

Given that Nominet is suggesting that should registrants not wish to have public details available on WHOIS, they can provide a 'care of' or post office box address, it may well be that the practical implications of these changes will be minimal.

Karen Anne Hayne, Coudert Brothers, London