Due to the GDPR, nic.at has implemented a new Whois policy: Data of natural persons are not published any longer. Information on these data will only be given to people who provide proof of identity and are able to prove a legitimate interest for finding out who the domain holder is.  Natural persons can still have their data published if they wish.

As of now the public Whois data shown for domains owned by natural persons only includes the domain name, the registrar responsible and necessary technical information. “With this measure nic.at comes up to the protection requirements of personal data as defined in the GDPR”, explains Barbara Schlossbauer, Head of nic.at’s legal department. If a private individual wishes that their data be displayed, it is possible upon request. “We want to give this possibility to people who want to show that a real, trustworthy person is responsible for a particular website,” explains Schlossbauer this exception from the rule.

Information on private domain holders only for justified reasons

If a third party requests information on natural person’s domain data, it will only be provided to people who provide proof of identity and are able to prove a legitimate interest for finding out who the domain holder is. “This can be law enforcement agencies, lawyers or people who contact nic.at following domain disputes and who can prove that their rights have been infringed”, illustrates Schlossbauer. A buying interest or the wish to contact the domain holder is definitely no legitimate interest, as the lawyer points out: “I am also not able to investigate a car driver’s address over his license number just because I like his car and want to buy it”.
For private domain holders there are mechanisms implemented on www.nic.at so that they can check their own Whois data at any time and request their PDF domain certificate to be sent to their e-mail address.

Domain availability check and domain data of legal persons still public

The adaptations in the WHOIS policy will not affect the public domain availability check, explains Schlossbauer: “When it comes to obtaining accurate information on whether a .at, .co.at or .or.at domain is still available, nic.at will remain the first point of contact for reliable availability checks.” Also data of legal persons will still be published as before. However, companies often name contact persons with their personal e-mail address in the domain data. For these cases Schlossbauer has a recommendation: “We recommend companies to avoid the use of natural persons as contacts, as well as the use of personalized e-mail addresses. Instead, general addresses or departments should be used.” This can easily be changed with a data modification by the registrar.

Useful links

• 2018 anniversary year: 30 years of .at, 20 years of nic.at:
  https://www.nic.at/en/news/press/2018-four-anniversaries-for-austrias-internet
• nic.at company history: https://www.nic.at/en/the-company/company-history