A US Court last week upheld a decision that prevents DomainTools from breaching .nz domain names registrant’s privacy and publishing their personal details.
The original decision prevented DomainTools from creating a shadow database of .nz registrant data. And now a second US Court has sided with the Domain Name Commission (DNCL). The first decision in favour of .nz domain name owner’s privacy was made in September 2018, but DomainTools immediately appealed and lost again in the US Court of Appeals on 17 July.
As Domain Pulse reported when the appeal was being heard in June, the case has revolved around whether DomainTools should be able to access .nz registrant data. The DNCL says DomainTools is expressly prohibited from a mass harvest of registrant data, while DomainTools have claimed when they downloaded the registrant data there were no restrictions, and DNCL should not be able to retrospectively stop them.
In 2018, the DNCL mandated that a privacy option be offered for all .nz domain name holders that are not in trade. It means people can withhold their address and phone number from publicly appearing in the online registration data search. More than 63,000 domain names have already taken up the privacy option, and the number is growing.
The DNCL had problems with how DomainTools were using the Whois data they bulk harvested from .nz registrants.
The decision will likely resonate with other top-level domain registries, both country code and generic, around the world and the ability of companies like DomainTools to harvest registrant’s data.
“Domain name regulators and the domain name industry need to pay attention to this decision. It is an important legal case,” Carey said. “The fact scenario is unlikely to be different for ccTLDs or gTLDs.”
“This case illustrates that the judiciary is not hesitant to step in and weigh in to the contractual, online privacy and security debate. It demands that domain name holders have a right to privacy online.”
Going forward it’s now possible that other registries will use this precedent to stop third parties using registrant data without their permission, assuming it’s against the terms and conditions as it was for .nz.
To the DNCL’s knowledge, Carey says they’re the only one they know of involved in litigation with Domain Tools. But that others may well be contemplating litigation.
“It is also true that the US Courts have twice now said we have primie facie a strong legal claim for breach of contract against companies like DomainTools. I do expect other TLDs or gTLDS to get in touch with us and ask us about our tough enforcement stance to protect registrants privacy.
“After all, it started with a cease and desist letter, open dialogue and a good faith negotiation. But has now resulted in litigation. We hope other stewards of their country’s domain name system or online communities feel as strongly as we do about protection of registrants privacy rights.”
DomainTools was approached for comment but kindly replied their “firm policy is to not comment on any ongoing litigation. I’m sorry, but we won’t be able to contribute.”