WHOIS modifications for GDPR

With the coming into force of the GDPR (Regulation 2016/679) on the 25th of May 2018, Fondation RESTENA, operating as the registry of the .lu ccTLD, presents a modification of its WHOIS database lookup service. The proposed solution aims at maintaining the original WHOIS purpose while protecting personal data in accordance with the GDPR and limiting abuses.

Current information (including personal data related to holder and contacts) will still be collected by the registry, without any change to the technical interfaces with its accredited registrars. The data collection, processing and transfer operations will be legally covered by a revised version of the Registry-Registrar contract.

WHOIS replies on the command-line interface (RFC 3912) will be limited to basic public information about the domain. The existing web-based WHOIS will reveal holder information for organisations only and will allow users to send an email to the administrative or technical contacts via a web form, without revealing their email addresses.

The web-based WHOIS will allow users to request access to a more complete data set and to state the reasons for the request (either via a web form or by downloading, filling in and sending a PDF document). Fondation RESTENA will assess the legitimacy of the request in accordance with the European and national rulings, notify the domain holder/admin contact and eventually transfer the data.

When appropriate, selected organizations might have automated access to more complete information, only for a limited purpose and under a legal agreement. This is envisioned in particular for national CERTs with an official authority whose mission requires broader access.

In a second phase, we will introduce an opt-in for revealing personal data on the web-based WHOIS only.

GDPR - Additional Information

  • DNS-LU makes the Privacy Notice document available to registrants. It explains how DNS-LU collects, uses, transmits and discloses (referred to together as “processes”) the personal data of domain name requestors and holders under .lu, including administrative and/or technical and/or billing contacts (“involved persons”), and the means by which this is done.
  • With the coming into force of the General Data Protection Regulation (GDPR) on May 25th 2018, DNS-LU has reviewed its Terms and Conditions of Service as well as the WHOIS search service, which is a simple tool for looking up limited information under certain conditions. The proposed solution aims at maintaining the original WHOIS purpose while protecting personal data in accordance with the GDPR and limiting abuses.

    For further details, see the WHOIS section of « Quick-Links ».