cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
New

WHOIS and dotUS domain

Hi all.

 

I registered a .us domain a few days ago. As a European citizen (living in Europe), I was expecting my PII to be redacted from WHOIS entries. (I am aware of the .us requirements for registration - I hold a US residency card).

 

A couple of days after I registered the domain, I started receiving spam to the email address I used for the .us domain, referencing the full domain name. I looked up the records and discovered that my information had not been redacted by GoDaddy (though, they had with the other 5 (non-US) domains I registered at the same time).

 

Yesterday, I communicated with a GD representative via chat - he assured me that the information would redacted and I would have to allow up to 24 hours for the new information to propagate. It has been well over 24 hours now, and my information has not been updated/redacted. It remains available via whois.us elsewhere (I assume that the WHOIS.us information should update almost instantaneously, and - of course - everywhere else by now).

 

I just spoke with a GD representative in the UK. He claims that GD supplies the whois information to the EU (who?) and that is up to them to require the PII to be redacted, and that there is short window where the information may be 'harvested'. This makes no sense to me, and in any case, this does not explain why my information is still available via a WHOIS lookup. When I explained that this does not make sense, he became very snappy and rather rude.

 

So, how do I have my information removed? Of course, if I applied GD's propriety Privacy Protection, the information would be updated - but why can they not do it without this to comply with the law? Why is my information being made public in violation of the GDPR?

 

Anyone?

 

Thanks.

1 ACCEPTED SOLUTION

@ColF 

 

1) As I mentioned I did forward this to the GoDaddy Moderators of the community to review

2) GoDaddy is NOT the what sharing your PII - it is the .US registry who is sharing the information, GoDaddy is a passthrough to them...

Below is a screen shot of the what you should have seen when you registered the domain.... it specifically says Private Registrations are not available.

 

Screen Shot 2019-12-02 at 7.52.32 AM.png

 

 

 

 

 

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

View solution in original post

15 REPLIES 15
Super User IV

@ColF 

 

.US domains specifically prohibit domain privacy. I did a quick google search and there are a number of articles about this - This isn't a GoDaddy item, but rather the .US domain registry 

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

But this is not what I have been told by the two GD representatives. Irrespective, GD still have to abide by the GDPR and should not be supplying my PII to third parties (or publishing it) without my express approval.

 

If I was presently residing in the US, probably a different matter. Or, more complicated at least. As I understand it, the GDPR applies to all those living in the EU, even US citizens.

 

I'll try to dig up some references.

New

https://www.hipaajournal.com/does-gdpr-apply-to-eu-citizens-living-in-the-us/

 

Still trying to find an answer to my central question.

@ColF 

 

Unfortunately you were mis-informed by GoDaddy Support https://www.godaddy.com/help/about-us-domains-5856

 

As mentioned this is NOT a GoDaddy issue, but rather for the .US TLD (https://www.about.us/faqs)

"Proxy, or privatized registrations, are not permitted under current policy.

The .US TLD has an ongoing interest in ensuring that its top-level domain is administered in a secure manner and that the information contained within .US is reliable, accurate, and up-to date. One of the mechanisms to ensure the integrity of the .US namespace is the through the collection of true registrant information. The .US Registry employs an algorithm to detect the inadvertent or intentional registration of proxy, anonymous and/or private domain name registrations, and enforces a registrar’s obligation to not offer such services to .US domain name registrants."

 

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

Hi PL281,

 

I've read similar elsewhere. Of course, if my details are not going to be redacted, surely this should be flagged when I am registering the domain!? I am still confused as to how .US registry is getting away with flouting the GDPR, and why GoDaddy is passing along my PII to the registry for publication. If GD operate in the EU, they must comply with the GDPR.

 

But yes, the information I've received from the two GD representatives was completely wrong. And, when I suggested (to the second representative) that what I was being told did not make sense, he became rather rude. I might escalate this - I assume the conversation was recorded.

@ColF 

1) I've forward this to have it reviewed as you shouldn't have had a rude support person.

2) I found a bunch of articles about the .us registry - vs ICANN and how that all works - 

 

From a privacy standpoint I hear you and understand.... and while I also agree that GoDaddy could put something about the WHOIS information during the checkout, every TLD has slightly different requirements and unfortunately it isn't GoDaddy that is making your information public but rather the .US registry  - as they are the ones that set the guidelines - You'd have this issue if you purchased a .US domain from anyone.  

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

Super User III

This is an unusual circumstance because most of the time .us registrations would not be covered by GDPR.  With the registration restrictions a permanent presence is required, either residency, a business or organization.  It may be that they see it as doing business with that US entity.

https://www.godaddy.com/help/about-us-domains-5856?

I have a US Green Card - so I should be covered. But for the time being, I am in Europe. If that should prove to be a problem with .US registry, I could transfer the domain to my wife (a US citizen).

 

As for the GDPR - their only concern is where I am located. At present, that's the EU. I see nothing in the GDPR regulations which allow for GD to provide my PII to a third party (.US Registry) without my express permission. If these two competing requirements are incomparable, GD should either refuse the registration, or request my permission before proceeding with the domain sale. GD must comply with GDPR - there is no exception for these kinds of circumstances.

 

Can someone point me to how I should escalate this with GoDaddy? My PII continues to be made available - I've contacted GD twice and instead of addressing the issue, they provide nonsense reassurances and explanations. This is an ongoing problem; GD continue to fail to comply with GDPR. This is for GoDaddy to fix. My PII being published is a real problem.

@ColF 

 

1) As I mentioned I did forward this to the GoDaddy Moderators of the community to review

2) GoDaddy is NOT the what sharing your PII - it is the .US registry who is sharing the information, GoDaddy is a passthrough to them...

Below is a screen shot of the what you should have seen when you registered the domain.... it specifically says Private Registrations are not available.

 

Screen Shot 2019-12-02 at 7.52.32 AM.png

 

 

 

 

 

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

View solution in original post

Hi PL281,

 

I've made use of GoDaddy's Privicy Protection in the past. But, it is not needed when I am registering domains to an address within the EU. So, it is a redundant service for me as my PII should be automatically removed to comply with GDPR. That Privacy Protection is not a service offered to .US domain registrations is irrelevant, as I was not relying upon that service. I fail to see what the policy of .US Registry has to do with how GD is handing my PII. I was not asked for permission to publish my PII or for GD to pass it along to a third party. As I said earlier, if there are legal incompatibilities, I should not have been sold the domain or GD should have sought my express permission.

Hi @ColF,

 

As an accredited registrar, GoDaddy is required to report all registration information on .US domains to the .US registry - Neustar. There is no permission to be granted by the customer, as Neustar does not provide an exception to this rule. They are the ones to share - or publish - this data as they require. Your geographical location does not supersede this Registy's prohibition of privacy protection on their domains, and would apply around the world. We apologize that you were given misleading information by any support agents, but privacy cannot be applied to any .US domains. If the domains was registered in the last 5 days (120 hours) it/they may be cancelled for a complete refund.

 

 

TLH - GoDaddy | Community Moderator
Supporting you at x.co/247support
New

I was responding to the previous thread when it was suddenly locked.

 

I see that a moderator has responded there:

 

https://uk.godaddy.com/community/Managing-Domains/WHOIS-and-dotUS-domain/m-p/151319/highlight/true#M...

 

I do actually appreciate the response, but, unfortunately, it was too late and it has now been over five days. However, I still require a full refund for this and the related domains (I also purchased the brokerage service for the related .com - unused - I cannot now use it). I will contact ICO regarding GoDaddy's non-compliance with the GDPR. This is simply not good enough. I was about to request a full refund (and leave it at that), but given that a GD moderator now strongly implies that I can no longer do this (if this had been suggested before, I would have been within the 5-day period), and that, somehow, 'GD is not obligated to adhere to the GDPR', I will instead lodge a complaint with the authorities.

 

GD - I have informed you that you are continuing to make (or are responsible for making) my details public. You did this. You must resolve the matter ASAP. You did not seek my express permission to publish (or share) my details. The GDPR requires such actions to be be affirmed by me. I don't care how you remove my details - just do it! (I can no longer, in any case, make use of the domain(s) as my privacy has been compromised - I will have to go in another direction (another domain, with my PII hidden)).

 

Colf.

Super User III

I understand your frustration, but this is based on policy from the .us registry Neustar.

 

You can email them at support.us@neustar.us

Community Team
Community Team

Hello @ColF,  all of the information you have been provided is factual and accurate.  Most country code TLD's, including .US do not allow private registration to be applied to their registrations.  Each Registry, including Neustar which manages the .US TLD, has the option to determine the registration criteria for their domains.  GoDaddy and other registrars that offer these registrations must adhere to the registration criteria set forth by Neustar.  

 

The following information is taken directly from the .US Registry FAQ on this page https://www.about.us/faqs.  

Will proxy registrations, sometimes called "domain privacy” be alllowed on my .US domain name?

Proxy, or privatized registrations, are not permitted under current policy.

The .US TLD has an ongoing interest in ensuring that its top-level domain is administered in a secure manner and that the information contained within .US is reliable, accurate, and up-to date. One of the mechanisms to ensure the integrity of the .US namespace is the through the collection of true registrant information. The .US Registry employs an algorithm to detect the inadvertent or intentional registration of proxy, anonymous and/or private domain name registrations, and enforces a registrar’s obligation to not offer such services to .US domain name registrants.

 

When you register a domain, you must accept the terms and conditions for the registration of each domain, and in the case of registering a .US domain you are agreeing that you can not use private registration to hide owner information on the public Whois database.  

 

It also states private registration is not supported in GoDaddy's .US documentation as found here: https://www.godaddy.com/help/about-us-domains-5856?

 

We are not able to make an exception to the policy as set forth by the Registry.  

 

Thank you. 

 

MPC