Privacy is a priority, for all of us. While privacy laws vary around the world - from GDPR in Europe, to the CCPA in California, and new laws emerging in countries like India and Brazil - our goal is to provide our customers a consistent and world-class privacy experience no matter where they live. To this end, our core privacy tools are available to all of our customers, and, as always, GoDaddy does not sell your information.
What is CCPA, GDPR etc?
The California Consumer Privacy Act (CCPA) is a California law that creates new rights for California consumers and sets requirements as to how companies are permitted to collect, use and share personal information of California citizens. The law will come into effect on Jan 1, 2020.
The General Data Protection Regulation (GDPR) is a European Union law focused on data protection and privacy for all citizens and residents of the EU. GDPR regulates how companies - including GoDaddy - can process personal data about individuals in the EU. GDPR went into effect on May 25, 2018.For further details please see What are Privacy Laws?
Who does this impact?
Privacy laws around the world impact how GoDaddy handles data for all our customers. Those these requirements may vary, GoDaddy seeks to provide our customers around the world a consistent privacy experience in both how we handle and use your data and also what rights we provide for you to manage and update this data.
What is WHOIS?
WHOIS is an ICANN-mandated service that provides basic information about a registered domain, such as domain owner contact information, domain availability status and the company with which the domain is registered.
How is WHOIS data accessed?
WHOIS data is usually delivered to end users by dedicated web portals, or through an automated mechanism referred to as "Port 43 Access." While web portals such as https://whois.godaddy.com , can protect against data harvesting using CAPTCHAs and other web-based authentication methods, Port 43 Access has no such protections and is susceptible to automated bulk harvesting of domain data, leading to SPAM and robocalls issues for our customers.
How does GDPR, CCPA and other applicable privacy laws impact availability and access to WHOIS data?
To ensure our compliance with the GDPR and other applicable global privacy laws, GoDaddy is required to restrict both the publication of and access to WHOIS data.
For domains impacted by GDPR, only domain technical information and Registrant's Country, State/Province and Organization (if provided) is returned. To see the list of countries "GDPR Countries", please visit GDPR Affected Country List.
For the rest of world, GoDaddy will continue to publish full WHOIS data for domains (unless they are using a proxy or privacy service to protect their personal data) until July 1, 2020, at which time we will also only return domain technical information and Registrant Country, State/Province and Organization (if provided) for all domains across the globe.
How can I contact Registrants whose data is not published in WHOIS?
GoDaddy has created a web-based form as a mechanism to reach out to the registered name holder of a domain. When a WHOIS search is done on https://whois.godaddy.com ,there is an option to contact the registrant via the web-based form, which will be delivered as an email to the registrant.
How can I gain access to WHOIS data in support of a Law Enforcement investigation?
For domains with WHOIS not impacted by GDPR, full contact data can be found by accessing https://whois.godaddy.com (until July 1,2020).If the WHOIS results show Domains By Proxy as the registrant, please visit Domain By Proxy Subpoena Policy on how to proceed. For domains with WHOIS records that do fall under GDPR rules, and for all WHOIS records worldwide beginning July 1, 2020, please contact whoisrequests@GoDaddy.com. Requests should include name of the individual investigator and the Agency, and the domain that is part of the active investigation. For additional information, see Request for Disclosure of Registrant Information for Law Enforcement Agencies.
How can I opt-out of the GDPR limited WHOIS?
Due to Port 43 lacking adequate and necessary security protections, we have decided to not allow customers to bypass our protections currently in place. For customers who want to opt-in to provide their full contact information through web-based WHOIS, we recommend they contact firstname.lastname@example.org .
How will my domain contact info stay private?
Domain Privacy is automatically added to eligible domains registered with GoDaddy to protect your personal domain contact info. When Domain Privacy is turned on, the domain contact info shown in the public WHOIS directory will be replaced with substitute details from our privacy partner, Domains By Proxy®.
- Turn off Domain Privacy any time to show your domain contact info on the public WHOIS directory.
- Set up 2-step verification for the best security on your domains and account.
- Make sure you turn on auto-renew to continue your domain registration uninterrupted.
- Some domains aren't eligible for Domain Privacy due to registry restrictions. Review the Domain Name Registration Agreement for details.
- These rules also apply to the contact info you have in the technical and administrative contact sections for the domain.
- If you've decided to invoke Nominet's WHOIS opt-out policy, the visibility of your contact info will be determined by that policy, regardless of your Domain Privacy or Domain Protection through GoDaddy.