What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union law focused on data protection and privacy for all citizens and residents of the EU. GDPR regulates how companies - including GoDaddy - can process personal data about individuals in the EU. GDPR goes into effect on May 25, 2018. For a full description of what GDPR is and how GoDaddy is GDPR compliant, please review What is GDPR?
Who does this impact?
This impacts how GoDaddy handles data for customers residing in the EU. In addition, users in certain countries are routed to the GoDaddy website for another market because they mirror the same language and currency (e.g., customers in Morocco use the GoDaddy website in France). These customers will be treated the same as EU customers, and thus their information will generally be handled under the same GDPR requirements. To see the list of countries impacted, please visit GDPR Affected Country List.
What is WHOIS?
WHOIS is an ICANN-mandated service that provides basic information about a registered domain, such as domain owner contact information, domain availability status and the company with which the domain is registered.
How is WHOIS data accessed?
WHOIS data is usually delivered to end users by dedicated web portals, or through an automated mechanism referred to as "Port 43 Access." While web portals, such as https://whois.godaddy.com, can protect against data harvesting using CAPTCHAs and other web-based authentication methods, Port 43 Access has no such protections and is susceptible to automated bulk harvesting of domain data, leading to SPAM and robocalls issues for our customers.
How does GDPR impact availability and access to WHOIS data?
To ensure our compliance with the GDPR and other applicable global privacy laws, GoDaddy is required to restrict both the publication of and access to WHOIS data.
- Port 43 Access
- GoDaddy's https://whois.godaddy.com
In addition to lacking adequate and necessary security protections, Port 43 fosters the ability to bulk harvest data without limitation and in excess of any legitimate use or purpose. For these reasons, GoDaddy will limit the data published at the Port 43 Access point to include only domain technical information along with the State/Province and Country for the domain contacts.
For domains impacted by GDPR (see above for list), only domain technical information, the Registrant Country and State/Province, and the Registrant Organization will be returned. GoDaddy will continue to publish full WHOIS data for domains for everyone else (unless they are using a proxy or privacy service to protect their personal data).
How can I contact Registrants whose data is not published in WHOIS?
GoDaddy has created a web-based form as a mechanism to reach out to the registered name holder of a domain. When GDPR goes into effect on May 25, when a WHOIS search is done on https://whois.godaddy.com, there will be an option to contact the registrant via the web-based form, which will be delivered as an email to the registrant.
How can I gain access to WHOIS data in support of a Law Enforcement investigation?
For domains with WHOIS not impacted by GDPR, full contact data can be found by accessing https://whois.godaddy.com. If the WHOIS results show Domains By Proxy as the registrant, please visit Domain By Proxy Subpoena Policy on how to proceed. For domains with WHOIS records that do fall under GDPR rules, starting May 25, please contact whoisrequests@GoDaddy.com.
What if I live in a protected region and I just purchased Domains By Proxy?
If you purchased Domains By Proxy within 30 days of May 25, 2018, you are eligible for a full refund if you decide to cancel the service. If you elect to keep Domains By Proxy, you will receive an upgrade to an enhanced privacy and security product at no additional charge. An email will be sent on or about May 25 with further details.