Privacy is a priority, for all of us. While privacy laws vary around the world - from GDPR in Europe, to the CCPA in California, and new laws emerging in countries like India and Brazil - our goal is to provide our customers a consistent and world-class privacy experience no matter where they live. To this end, our core privacy tools are available to all of our customers, and, as always, GoDaddy does not sell your information.
What is CCPA, GDPR etc?
The California Consumer Privacy Act (CCPA) is a California law that creates new rights for California consumers and sets requirements as to how companies are permitted to collect, use and share personal information of California citizens. The law will come into effect on Jan 1, 2020.
The General Data Protection Regulation (GDPR) is a European Union law focused on data protection and privacy for all citizens and residents of the EU. GDPR regulates how companies - including GoDaddy - can process personal data about individuals in the EU. GDPR went into effect on May 25, 2018.For further details please see What are Privacy Laws?
Who does this impact?
Privacy laws around the world impact how GoDaddy handles data for all our customers. Those these requirements may vary, GoDaddy seeks to provide our customers around the world a consistent privacy experience in both how we handle and use your data and also what rights we provide for you to manage and update this data.
What is WHOIS?
WHOIS is an ICANN-mandated service that provides basic information about a registered domain, such as domain owner contact information, domain availability status and the company with which the domain is registered.
How is WHOIS data accessed?
WHOIS data is usually delivered to end users by dedicated web portals, or through an automated mechanism referred to as "Port 43 Access." While web portals such as https://whois.godaddy.com , can protect against data harvesting using CAPTCHAs and other web-based authentication methods, Port 43 Access has no such protections and is susceptible to automated bulk harvesting of domain data, leading to SPAM and robocalls issues for our customers.
How does GDPR, CCPA and other applicable privacy laws impact availability and access to WHOIS data?
To ensure our compliance with the GDPR and other applicable global privacy laws, GoDaddy is required to restrict both the publication of and access to WHOIS data.
For domains impacted by GDPR, only domain technical information and Registrant's Country, State/Province and Organization (if provided) is returned. To see the list of countries "GDPR Countries", please visit GDPR Affected Country List.
For the rest of world, GoDaddy will continue to publish full WHOIS data for domains (unless they are using a proxy or privacy service to protect their personal data) until July 1, 2020, at which time we will also only return domain technical information and Registrant Country, State/Province and Organization (if provided) for all domains across the globe.
How can I contact Registrants whose data is not published in WHOIS?
GoDaddy has created a web-based form as a mechanism to reach out to the registered name holder of a domain. When a WHOIS search is done on https://whois.godaddy.com ,there is an option to contact the registrant via the web-based form, which will be delivered as an email to the registrant.
How can I gain access to WHOIS data in support of a Law Enforcement investigation?
For domains with WHOIS not impacted by GDPR, full contact data can be found by accessing https://whois.godaddy.com (until July 1,2020).If the WHOIS results show Domains By Proxy as the registrant, please visit Domain By Proxy Subpoena Policy on how to proceed. For domains with WHOIS records that do fall under GDPR rules, and for all WHOIS records worldwide beginning July 1, 2020, please contact whoisrequests@GoDaddy.com. Requests should include name of the individual investigator and the Agency, and the domain that is part of the active investigation. For additional information, see Request for Disclosure of Registrant Information for Law Enforcement Agencies.
How can I opt-out of the GDPR limited WHOIS?
Due to Port 43 lacking adequate and necessary security protections, we have decided to not allow customers to bypass our protections currently in place. For customers who want to opt-in to provide their full contact information through web-based WHOIS, we recommend they contact firstname.lastname@example.org .
What if I have Domains By Proxy/Private Registration active on my domains when the changes to WHOIS are made?
Impacted customers will receive communications from GoDaddy prior to July 1, 2020 offering an upgrade to Domains By Proxy/Private Registrations to an enhanced domain protection/privacy offering at no additional cost, and also instructions on how to cancel if they do not wish to receive the upgrade.