Domain name privacy protection is an option that’s available from web hosting services and domain name registrars to prevent spamming and exposure of personal information about a domain’s registered owners. It’s a paid add-on that, advocates say, is an essential feature for stopping the abuse of email addresses and other publicly available WHOIS data—but do you really need to purchase a domain privacy protection plan to protect your website and your identity?
Domain privacy protection can provide a sense of security, but thanks to new updates to international regulations aimed at protecting online privacy, buying domain privacy protection is a choice, not a must-do, for your small or mid-size business or professional website.
Domain Name Privacy Protects Whois Data
To register a domain, you must provide the domain registrar (or your web host, if you’re registering a domain through it) with basic contact information that includes your legal name, address, phone number, and an email address. This information confirms that you are the domain owner of record, and it’s entered into a public database called Whois, which answers the question “who is responsible for this domain name or IP address?”
The Whois database is one of several databases for holding internet registrant data. These databases are accredited by the Internet Corporation for Assigned Names and Numbers, or ICANN. ICANN is a nonprofit organization that maintains and coordinates IP (Internet Protocol) addresses and the Domain Name System (DNS), and it makes sure that every entity on the internet has a unique identifier that can be accessed by computers everywhere in the world. That is why everyone who registers a domain name must provide legitimate identification to an ICANN database.
By default, the information you submit when registering your new website becomes available for public access. This makes it possible for anyone to locate the actual owner of any website, anywhere in the world—an important consideration for transparency and legitimacy. But because anyone can access Whois data, this can expose site owners’ contact information to abuses of all kinds, ranging from an onslaught of spam and direct marketing campaigns to cyberstalking, threats, and identity theft.
Domain name privacy protection plans were designed to provide some security for information stored in very public Whois databases. In general, for an annual or monthly fee, domain privacy providers obscure key aspects of a site owner’s Whois data, such as an address or phone number, and forwards queries for this information to a proxy server or another secure portal. In this way, the information is blocked from public view, with a notification to viewers that the information is protected by a third party security provider. These kinds of plans can give users some control over the public visibility of personal information and still allow access through the proxy.
GDPR and Other Protections Change the Environment
Recent high profile incidents of data hacking highlight the importance of hiding personal information from public access on the internet. Those incidents and other events that involve the misuse of sensitive personal data have led to the creation of a number of new data privacy regulations that aim to give internet users more control over personal data and how it can be used.
In the spring of 2018, the European Union implemented a sweeping set of data privacy regulations collectively called the General Data Protection Regulation or GDPR. This law has now become the primary means of protecting the personal data of EU citizens in online environments around the world, and companies and other entities that fail to comply can be subject to stiff fines and penalties. Within the EU, some countries, like Germany, have even stiffer laws.
The GDPR isn’t limited to regulating the use and availability of personal data solely in the EU. Because the internet is a global network, any website that could be used by EU citizens anywhere in the world becomes subject to the provisions of the GDPR. This includes Whois and other ICANN certified databases for registering websites and IP addresses.
The GDPR stipulates entities that collect personal data must anonymize this data to protect data owners’ privacy, and that data owners must give their consent for specific uses of that data. That requirement has set the stage for conflict between the GDPR and ICANN over the public display of personal information in Whois databases without registrants’ specific consent.
After several legal battles, ICANN has now implemented a provision called the Temporary Specification for gTLD Registration Data, which tries to accommodate the wide-ranging regulations of the GDPR while making some website and IP registrant information still available to the public. Under this temporary provision, some technical information about a registered site itself, such as the date of registration, domain expiration date, and the sponsoring registrar, can be viewed publicly, but personal information pertaining to the registrar can’t be viewed without a specific request that data owners can refuse.
Should You Buy Domain Name Privacy Protection?
In terms of domain privacy, the GDPR and ICANN’s temporary fix effectively provide basic protections for sensitive personal data stored in Whois databases, so that may be enough protection for some users without the need for purchasing additional domain privacy protection. But ICANN’s Temporary Specification is just that—temporary. ICANN continues to work with GDPR authorities to find a lasting solution—and eliminating Whois databases may be one option.
Meanwhile, it’s up to website owners themselves to determine the privacy protections for their sites. Buying domain privacy protection can give site owners more control over the display of Whois data and add layers of protection against spamming, data theft, and even “real world,” threats due to the publication of a user’s home address and phone number. Domain privacy protection plans are available at relatively low cost, and some are even free. Plans can be renewed or canceled with your domain renewal.
Information is the currency of the digital world, and in that world, personal data can be more valuable than gold. The GDPR and its related regulations aim to protect that data on a global scale, and this includes key personal data held in domain databases. Owners of domains large and small can opt for added security in the form of dedicated domain privacy plans that keep the most sensitive Whois information out of the wrong hands.