Categories
Articles

ECJ: Legitimate Interest in accessing registries

European Data Protection Regulators have been expressing their concerns for nearly twenty years about public records of domain name ownership (commonly referred to as WHOIS data). A recent case (C37-20) on public records of company ownership (required under money-laundering legislation) suggests that the European Court of Justice would have similar doubts. But its comments on […]

Categories
Articles

WHOIS access and the NIS2 Directive

The European Commission’s proposed update of the Network and Information Security Directive may revive discussions about access to WHOIS data. When a domain name is registered, contact details are typically requested for various purposes, including billing, administrative and technical questions. For most of the history of the DNS this ‘WHOIS’ data – including names, postal […]

Categories
Articles

WHOIS access for CSIRTs

Over recent months the GDPR has given extra weight to concerns – originally expressed by regulators fifteen years ago – about public access to information about individual registrants of DNS domains. This article considers the use of this WHOIS data by those handling information security incidents, and why this represents a benefit, rather than a […]