Answers about the GDPR and Whois
The General Data Protection Regulation (GDPR) is a European regulation that has prompted many domain name registrars and registries to remove registrant names and contact information from Whois records. It was adopted on 14 April 2016 and became enforceable on 25 May 2018.
This page answers questions about how the GDPR affects the Whois data available through our Whois API and CentralOps.net tools.
NOTE
The GDPR has little or no impact on IP network Whois records. It primarily affects domain Whois records.
Last updated: 2024-03-06
Questions and answers
- Why am I not seeing registrant or contact data in domain Whois records?
- Am I missing data in the IP network Whois records, too?
- Does Hexillion have any special access to Whois data?
- Does Hexillion remove any contact information from Whois records?
- I need access to contact data for official business—law enforcement, dispute arbitration, legal notices, etc. What can I do?
- I need contact data for other reasons—making an offer of purchase, for example. What can I do?
- If I qualify for access to full Whois data, will I be able to use Hexillion’s API or software to process those records?
- Will the Whois contact data ever come back?
- Why am I not seeing registrant or contact data in domain Whois records?
-
From the beginning, Whois records have included details about registrants and contact persons such as names, postal addresses, phone numbers, and email addresses. The GDPR now generally prohibits publishing these details for natural persons (except in certain cases). The regulation only applies to EU/EEA residents, but some registrars are choosing to not make any distinction—they are withholding details for persons and organizations worldwide.
Bear in mind that this is not a universal blackout: Whois records may still contain the names and contact information of organizations, individuals who have chosen to make their information visible, and people who don’t live in the EU. Even EU personal data may be available in some cases. There is controversy over the GDPR and its interpretation, so different registries and registrars will have different policies.
- Am I missing data in the IP network Whois records, too?
-
The GDPR has not significantly affected the Whois records pertaining to IP addresses.
-
IP registries operate regionally, and all but one are outside the EU and deal with non-EU residents. The GDPR does not apply to them.
-
The European IP registry, RIPE NCC, has been operating under the GDPR’s predecessor, the Data Protection Directive (DPD), for years. They’ve concluded that their operations already comply with the GDPR, for the most part. They’re making just a few changes that shouldn’t affect Hexillion’s users and have a series of articles explaining their rationale.
-
- Does Hexillion have any special access to Whois data?
-
No, Hexillion doesn’t have any privileged access or special agreements with registrars. We can only see (and pass along to you) what has been made public. Furthermore, our systems generally get Whois information via port 43, and in some cases you may be able to get more-detailed records at the registrar’s Web site, typically after solving a CAPTCHA.
- Does Hexillion remove any contact information from Whois records?
-
No. We pass along all names and contact information that we get from the relevant Whois servers. If there are fields missing, it’s because the Whois server operators (registrars or registries) removed them.
Remember that Hexillion is not a domain registrar or reseller, so we don’t collect information directly from registrants. We just get public records and pass them on to you in a consistent, automation-friendly format.
- I need access to contact data for official business—law enforcement, dispute arbitration, legal notices, etc. What can I do?
-
For requesting non-public data about domains under generic TLDs, you can use the Registration Data Request Service launched by ICANN on 28 November 2023.
For data about domains under country code TLDs, you’ll need to contact the domain’s registrar or TLD’s registry directly and work it out with them. (The Whois records should indicate the registrar even if they don’t contain registrant details.)
- I need contact data for other reasons—making an offer of purchase, for example. What can I do?
-
Domain investors may be able to get information through ICANN’s Registration Data Request Service. Otherwise, if the Whois record doesn’t contain a working email address, the registrar may provide a Web form for contacting the owner. Beyond that, if the registrar won’t give you the contact information, you’ll have to find other ways of reaching the owner—and it may be difficult. Look for contact information or a contact form on the domain’s Web site. Search the Web in general for any mention of the domain’s owner. DNS records for the domain may have contact information, particularly if the owner wants to sell. Historical Whois records may also provide a clue.
- If I qualify for access to full Whois data, will I be able to use Hexillion’s API or software to process those records?
-
This situation is still developing, so we don’t know yet. Contact us if you have privileged access, and we’ll see what we can do.
- Will the Whois contact data ever come back?
-
Only time will tell, but probably not any time soon.