CoCCA Software Update Allows Registry Partners to be GDPR-Compliant

CoCCA will be updating its backend registry software to enable its registry partners to be GDPR-compliant by the time the European Union’s General Data Protection Regulation (GDPR) comes into effect on 25 May.

The principle of data minimisation, under which only personal data that is adequate, relevant and necessary is collected, retained and disclosed, has been adopted by the ccTLD managers using CoCCA shared infrastructure for the following ccTLDs: .af, .cx, .gs, .gy, .ht, .hn, .ki, .kn, .sb, .tl, .kn, .ms, .nf.

For the above ccTLDs, as of 15 May the following will apply to data collected from domain name registrants:

  • only registrant contact details are required; administrative, technical and billing contacts are optional.
  • existing administrative, technical and billing contacts may be deleted by registrars.
  • registrars will be able to associate two email addresses directly with a domain (for abuse reports and technical queries); these emails will be publicly disclosed.

Regarding data disclosure:

  • if a data subject is an EU resident, or a non-EU resident who uses an EU registrar (or one of their resellers), personal data (name, email, phone and physical address) will be redacted from publicly available interfaces. For the avoidance of confusion, personal data will be redacted based on both the declared address of the contact and the location of the registrar.
  • if a data subject resides outside the EU and uses the services of a registrar outside the EU, the personal data disclosure will not be impacted by GDPR.
  • if personal data has been redacted and the data subject would like to disclose it, the data subject will be provided with tools by CoCCA to disclose the redacted data.
  • if personal data has not been redacted and the data subject believes it should be (for example, a citizen of an EU country residing overseas), the data subject will be provided with tools by CoCCA to redact their personal data.

Access to redacted data will be available as follows:

  • law enforcement and the Secure Domain Foundation will be able to access redacted data via RDAP and port 43 WHOIS.
  • intellectual property owners or other entities who have a legitimate interest in redacted data will be able to order historical abstracts online for a nominal fee (provided they sign an attestation).

An updated version of the CoCCA software containing multiple GDPR configuration options will be released on 20 April, and CoCCA is able to assist registry operators in upgrading and configuring their registry software to align with their GDPR compliance efforts.

CoCCA advises that it should not be assumed that all registry operators using CoCCA Tools will patch and configure the software for GDPR compliance. There are many registry operators who use dated and unsupported versions of CoCCA Tools.