The nic.at WHOIS database, the public register of all registered .at domains, currently contains details on the holders of and contact persons for .at domains, regardless of whether they are companies or private individuals. Under the EU General Data Protection Regulation (GDPR), nic.at will only publish legal persons’ data from mid-May 2018. Natural persons can still have their data published if they wish.

For decades, it has been standard practice in domain administration to display domain holders’ data in a public database called WHOIS. The domain holder is informed of this when registering the domain. nic.at’s terms and conditions (T&C) form the legal basis for publication. This practice will change when the GDPR comes into effect, explains the head of nic.at’s legal department Barbara Schlossbauer: “The GDPR defines special protection requirements for natural persons, so we will not publish their data any longer, although we still need to receive their details during the domain registration process.” The regulation is comes into force in mid-May 2018 and this will also lead to amendments in nic.at’s T&C and the registration guidelines for .at domains.

New WHOIS format effective from mid-May

In future the data shown for domains owned by natural persons will only include the domain name, the registrar responsible and necessary technical information. If a company or organisation owns the domain, the holder’s name and address will still be published, although contact data like e-mail address, telephone and fax number can be hidden upon request. The registrar submits information on whether a domain is held by a natural or legal person when registering the domain. If a private individual requests that their data be displayed, the registrar can also arrange this. “There will certainly be a lot of cases where people will definitely want to show that a real, trustworthy person is responsible for a particular website,” explains Schlossbauer.

Information on private domain holders only for legally justified reasons

Until now, domain holders’ data have been publicly accessible at www.nic.at. From mid-May, this will no longer be possible. “In future, natural persons’ domain data will only be accessible to people who identify themselves and have a legitimate legal reason for finding out who the domain holder is,” Schlossbauer points out. This includes law enforcement agencies, lawyers or people who contact nic.at following domain disputes and can prove that their rights have been infringed.

No changes in domain availability check

The adaptations in the WHOIS policy will not affect the public domain availability check, explains Schlossbauer: “When it comes to obtaining accurate information on whether a .at, .co.at or .or.at domain is still available, nic.at will remain the first point of contact for reliable availability checks.”