How can the personal data be removed from the whois?
Under the GDPR, no personal data may be shown anymore except when there is consent, when it is required by law or when there is a legitimate interest. In most cases all personal data is removed from the whois output unless the domain holder has explicitly consented to publication.
However, we see that several registries still publish more or less personal data. Examples of these are
- EURid (.eu) who still shows the e-mail address of the owner (rationale: required by the European Commission and there's a legitimate interest in being able to contact the domain owner)
- AFNIC (.fr), NIC ES (.es) and SIDN (.nl) who still show the name of the owner, even if it is a private individual
- DK Hostmaster (.dk) who still shows all personal data (rationale: it's required by local law)
We expect that registries in the course of the first months to years after the GDPR will review their whois strategy, so changes may be seen over time.
If you want personal data to be removed from the whois, you should file a complaint with the data controller: the registry. Contact details may be found on the registry's websites.
An easier way of removing personal data is using our Whois Privacy Protection services, if it's available for that specific extension.