Historical Whois Data and Privacy Laws

Whois data is mandated to be public information.  ICANN requires this in their contracts with registrars who, in turn, require it for registrants.  As a result of the mandate to be public the situation is exempt from most privacy laws (in spite of the European IP address registry claims).  However, the historical data is not that clear as that information is not mandated to be public.

In the USA the .us domain space is controlled by the US Department of Commerce.  When personal data is compiled by a US government agency the data is covered by the Privacy Act.   This Act requires the government to correct mistakes and delete obsolete records.  A court case was filed concerning the current whois data because the US government will not allow “whois privacy” or proxy services.  This case was lost and the restrictions remain.  However, the case did not address the historical data.

An inquiry was submitted to the .us registry (Neustar) and the US Department of Commerce NTIA.  Neustar then hired well known lobbyist Becky Burr as their Chief Privacy Officer.  Backy Burr is a Washington attorney who has been involved in domain name and privacy regulation.   Like many of these regulators, she has never actually run a business herself and does the bidding of the clients of her law firm.  She was instrumental in setting up ICANN as a private entity who can tax yet those that pay the tax have no say whatsoever in how the organization is run.  Further, the ICANN scheme circumvents protections such as the Freedom of Information Act (FOIA).  ICANN can now raise taxes any time they want and spend money however they wish with no recourse for those footing the bill.

In Canada laws concerning personal information require old data to be made anonymous or deleted.

In Europe a labyrinth of privacy laws apply to whois data.  ICANN was given an exception concerning the current whois data but it does not include historical data and proposed whois validation and retention proposals may violate these laws.  The European IP address registry refuses to explain their legal authority in placing restrictions on the data (which is often used for security purposes).

European privacy laws state information “collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.”

Australia also has privacy laws that may affect whois data.

EPIC’s privacy and WHOIS issues page.