If you’re required to make your customer information public, while also following privacy laws, Withheld for Privacy can help.
Under ICANN guidelines, registrars are required to make information public. When a customer registers a domain, their personal data, such as an email address and telephone number, is meant to be displayed publicly by default.
The only way ICANN will allow a registrar to “redact” Whois registrant information is in the EEA, where customers are protected by the GDPR. We believe that this is not a complete privacy solution. And here’s why:
First, many registrants reside outside of the EEA, and want their Whois information kept private from publication. Although they may have country laws that they believe provide them protection from publication of their information. As a registrar, you may choose to extend “redaction” to all domains where it’s allowed. However, the use of redaction alone does not protect your customers from “onward sharing” required by other third parties, such as registries.
At Withheld for Privacy, your customer information stays with you.
Registries often require registrars to share your customer’s Whois for every registered domain. With redaction alone, your customer’s information is required to be further shared with these registries. This means that your customers will be required to review every registered top-level domain to understand every individual registry’s privacy statements and guidelines.
Moreover, many privacy/proxy services may require a registrar to provide them with your customer’s personal information. This means that, even if you use a privacy/proxy service and avoid “onward sharing” with registries, your customer’s personal information may still be further shared because they require it. Your customers will, again, need to review another set of privacy statements and guidelines.
We believe this is not privacy-friendly, nor is it necessary.
At Withheld for Privacy, you get it all. Your customer’s information is not made public. There is no further “onward sharing” because your customer’s personal information isn’t passed to us.
We don’t ask for it, and we don’t need it.