Extensive Changes Planned for DENIC Whois Domain Query: Proactive Approach for Data Economy and Data Protection
In the future, DENIC will only record the contact details of the domain holder, two additional e-mail addresses as contact points for abuse reports and general and technical requests as well as the usual technical domain data.
Data Economy as the Guiding Principle
The General Data Protection Regulation (GDPR), which will be applicable as of 25 May 2018, includes hardly any material changes compared to the currently valid Federal Data Protection Law of Germany with regard to the legitimacy of data processing. Nevertheless, DENIC has taken the change in the European data protection legislation as an opportunity to thoroughly review its data processing procedures, which have been in place nearly without any amendments and always rated fully compliant with the law by the competent data protection authority for 30 years. The driving force behind this was the principle of data economy. The drastic reduction of stored data makes the registry of .de domains a pioneer in this field.
Within the framework of the Domain pulse conference in Munich, Germany, on 22 and 23 February 2018, DENIC announced changes with regard to the collection and publication of registration data. DENIC CEO Dr. Jörg Schweiger points out that the innovations will not only further strengthen DENIC's role in the Internet community but also ensure that DENIC is optimally prepared for future developments and interpretations of the law.
Data Collection and Data Output: What's New
In addition to the domain holder data, DENIC will record two non-personalised e-mail addresses, which will be the responsibility of the registrar. One address will be destined for general and technical requests ("General Request") and one will be the contact for abuse reports ("Abuse). Of course DENIC will continue to collect domain-related technical data, such as name servers, DNS key information and the like, since they are needed to establish the functionality of the domain.
Next to the status of the domain, these two e-mail addresses and the technical data will be the minimum that will be output by the domain query service. The previously used contacts, Tech-C, Zone-C and Admin-C, will no longer be collected and thus also not displayed.
Personal holder data will not be shown any more in the whois output. If there is a legitimate interest in these data and thus a data protection criterion met, DENIC will still reveal the data. To process the several thousand whois queries DENIC receives every working day, the registry plans to use semi-automated processes for evaluating the legitimate interest in and subsequent output of the data.
With the survey DENIC has installed to precede a domain query since the start of February 2018, we obtain valuable information about the query behaviour of different (user) groups. The results will be reflected in the further development of the service, tailored to the users' specific needs.