Using Domain Name Registration Data
Under ICANN contracts, RDDS can be used for legal purposes except for enabling mass unsolicited commercial advertising or solicitations. Additionally, it cannot be used for enabling high-volume, automated electronic processes that send queries or data to a registry or registrar's systems except as necessary to manage domain names.
The recent evolution of data protection regulations across the globe changed the landscape and impacted the availability of personal data through RDDS. Specifically, the European Union General Data Protection Regulation (GDPR) has brought about changes in ICANN agreements and related WHOIS policies. Read more about how the ICANN community and organization has responded to the GDPR here.
One of the key outcomes of the policy changes was the restriction of access to most personal data. However, ICANN contracted parties (registries and registrars) are required to provide reasonable access to registration data that was previously publicly available. The community is working towards addressing the need for access to previously public registration data while aiming to strike a balance between data privacy and accessibility.
Below are numerous purposes for which people use RDDS:
- Determining whether a domain is available.
- Diagnosing registration difficulties.
- Contacting web administrators for resolution of technical matters associated with a domain name.
- Providing investigators and law enforcement officers with information to quickly investigate a compromised website.
- Requesting to obtain the real world identity, business location or contact information of an online merchant or business, or generally, any organization that has an online presence, subject to an established legal purpose.
Aiding law enforcement in:
- Identifying if the domain name holder is maliciously or incorrectly using a trademarked domain name.
- Online crime investigations such as identifying the criminals as well as determining the scope of their activities.
- Gathering investigative leads, finding email addresses, and attempting to identify the location of an alleged perpetrator of a crime involving fraud.
Contacting a domain name registrant on matters related to:
- The protection and enforcement of intellectual property rights.
- Registrant's obligation to maintain accurate registration information.
- Discussing and negotiating a secondary market transaction related to a registered domain name.
- Establishing or looking into an identity in cyberspace, and as part of an incident response following an Internet or computer attack- (Security professionals and law enforcement agents use RDDS to identify points of contact for a domain name).