Profound Restrictions to Data Access for Third Parties

German ccTLD manager DENIC (.DE) is going to profoundly restrict the nature and scope of data recorded, processed and made publicly available via its Whois lookup service (Domain Query) in the context of domain registrations, under .DE. DENIC thus implements the provisions of the European General Data Protection Regulation (Regulation (EU) 2016/679) becoming applicable from 25 May 2018, which regulate the protection of natural persons with regard to the processing of personal data.

The amendments to the Domain Query that were mainly determined by the principle of data economy will become effective on 25 May 2018. With the new solution DENIC is fully prepared to also meet any upcoming legal developments and interpretations in the future.

Data Recording and Data Output: What's New

The upcoming changes with regard to the recording and publication of registration data were announced by DENIC already in an earlier press release on 1 March 2018.

Next to the contact details of the domain holder, such as name, e-mail and postal address, as of 25 May 2018, DENIC will only record two additional e-mail addresses for contact purposes as well as the technical data of the domain.

The two e-mail addresses recorded in addition to the domain holder data will be non-personalised. They will be under the registrar’s responsibility and will serve as points of contact for general and technical requests ("General Request") as well as for enquiries or notifications about a possible unlawful or improper use of the domain ("Abuse"), respectively. Also DENIC will continue to record such technical data, including name server or DNS key information, that is needed to establish the functionality of the domain.

In addition to the domain status data ("registered"/"unregistered"), as of 25 May 2018, only the domain’s technical data and the two e-mail addresses for the specified contact purposes (General Request and Abuse) will be output via the Domain Query. Those data relating to the technical contact and zone administrator (Tech-C, Zone-C) as well as to the administrative contact (Admin-C) previously output here will no longer be recorded and consequently not displayed anymore.

Specific Conditions to be Met to Be Provided Information on the Domain Holder

Details of the domain holder will no longer be displayed via the Domain Query.

In compliance with its legal obligations, DENIC will provide information about the domain holder to public authorities acting within the framework of their public powers (including law enforcement, hazard prevention or seizing orders). DENIC will also disclose holder data, on the basis of case-by-case assessments and upon submission of evidence of a legitimate interest, to such parties who own a right to a name or trademark that may be violated by the domain, or to such claimants who have obtained an enforceable title against the domain holder and seek judicial seizure of the domain holder's claims defined in the domain contract, under civil law. In all other cases, DENIC will provide no information on the domain holder.

For evaluating the legitimate interest of enquiries and for the subsequent provision of the relevant data, DENIC will use both automated and non-automated processes.

DENIC's amended policies as laid down in the DENIC Domain Terms and Conditions and DENIC Domain Guidelines will be published on the DENIC website as soon as the new terms and conditions for .DE domain registrations enter into force on 25 May 2018.