Personal data are published in the Whois online directory. Is this normal?

What is the Whois?

The directory service provided by Afnic for all the TLDs it manages: .fr (France) .re (Réunion Island), .yt (Mayotte), .pm (Saint-Pierre and Miquelon), .wf (Wallis and Futuna) and .tf (French Southern and Antarctic Lands).

The Whois database is designed to provide accurate administrative information on the holder of a domain name and the various contacts associated with it, as well as technical information relating to the domain name itself.

This information allows you to check the availability of a domain name, to contact its holder or to check your own registrations, etc.

Afnic defines and sets out the terms and conditions of this service in the Policy on publication and access to information and the domain name registration systems.

Yes, the Whois contains personal data

As a registry and in accordance with the provisions of the French Post and Electronic Communications Code, Afnic is tasked with collecting the information required to identify the natural or legal persons registering domain names from registrars, and consequently establishing the Whois database.

Principle of confidentiality of personal data

The principle is simple: the personal data of domain name holders who are natural persons are not published in the directory service available to the general public.

How does it work on a technical level?

When registering a domain name with a registrar, the holder selects “natural person” or “organisation”:

• If they select “natural person”, the contact details of the holder are protected by confidentiality by default.
• However, if they select “organisation”, the contact details are published in the directory service available online to the general public. This applies even in the specific cases where personal data are used to identify them where publication of this identifying information concerns legal persons and organisations is required to incur their professional legal liability for a trustworthy Internet.

Personal data are published in the Whois online directory. Is this normal? What should I do?

If the principle is so simple and clear, why are personal data found in the Whois online directory?

Personal contact data can be published in Whois in the cases described below.

For each case, information is given on the steps to take if this publication of personal data is not “normal”.

Confidentiality and third party rights

The confidentiality of the personal registration data of natural holders of domain names is not absolute and ends where the rights of others begin in application of the French legal framework.

Afnic provides these personal data on legitimate request under the framework set out in the Naming Charter.