DENIC have introduced significant changes to the publicly available data available through Whois requests for .de domain names that will see registrant data drastically restricted and only available to law enforcement bodies as a result of the European Union’s General Data Protection Regulation (GDPR) that came into effect on 25 May.
The changes in data publicly available for the German country code top level domain (ccTLD) will see that next to the contact details of the domain name registrant, such as name, email and postal address, DENIC will only record two additional email addresses for contact purposes as well as the technical data of the domain name.
The two email addresses recorded in addition to the registrant data will be non-personalised. They will be under the registrar’s responsibility and will serve as points of contact for general and technical requests as well as for enquiries or notifications about a possible unlawful or improper use of the domain. Also, DENIC will continue to record such technical data, including name server or DNS key information, that is needed to establish the functionality of the domain.
In addition to the domain status data (“registered”/”unregistered”), as of 25 May, only the domain name’s technical data and the two email addresses for the specified contact purposes (General Request and Abuse) will be available via the Domain Query. Those data relating to the technical contact and zone administrator (Tech-C, Zone-C) as well as to the administrative contact (Admin-C) previously output here will no longer be recorded and consequently not displayed anymore.
DENIC will still provide registrant data where legally required to public authorities acting within the framework of their public powers (including law enforcement, hazard prevention or seizing orders). DENIC will also disclose registrant data, on the basis of case-by-case assessments and upon submission of evidence of a legitimate interest, to such parties who own a right to a name or trademark that may be violated by the domain, or to such claimants who have obtained an enforceable title against the domain registrant and seek judicial seizure of the registrant’s claims defined in the domain contract, under civil law. In all other cases, DENIC will provide no information on the registrant.
For evaluating the legitimate interest of enquiries and for the subsequent provision of the relevant data, DENIC will use both automated and non-automated processes.