A little background
No doubt everyone will be familiar with Bennison’s saga against Nominet, which begun when he was desperate to find out the details of the owner of a certain domain, only to find that they were protected by a privacy service offered by hosting giant GoDaddy. This service was an optional extra offered upon payment of an annual fee, through a company called Identity Protect Limited. When Bennison approached this company to ask for the details of the registrant of another domain called “bailiffhelpforums.co.uk” just over a year ago, the company breached its contract with the registrant by unprotecting the details of the registrant and showing their full name and address not just to Bennison, but to the whole world, despite the absence of a court order or any involvement from law enforcement or any other government agency. Identity Protect Limited failed in its duty to its client by revealing the details in response to a complaint from Bennison, without any authority to do so.
When Bennison tried this little stunt with another domain also registered using the same privacy service, he hit a brick wall and the details were not made available. This was not out of any change in policy nor sense of duty to Identity Protect Limited’s clients, it was the result of Bennison’s own actions. He had previously raised a formal dispute with Nominet’s Dispute Resolution Service over this domain name, claiming it was an abusive registration. As a result, the database record for this domain name was locked by Nominet, as it is Nominet’s policy to lock the records of disputed domains to avoid any transfers or change of details while the dispute is resolved. As we all know, Bennison lost this dispute with Nominet. While the database remained locked by Nominet, Identity Protect Limited were unable to change the record to reveal the details of the registrant. The irony is, had Bennison not disputed the domain, he would, no doubt, have managed to get Identity Protect Limited to reveal the details once more.
It was as a result of losing this dispute and failing to obtain the details of the registrant, that Bennison decided to take matters further and headed for the High Court to apply for an ex-parte emergency injunction against Nominet to suspend the domain. The recklessness of this action landed Bennison with a £26,000 costs order for Nominet’s legal costs. Thanks to our regular contributors, we now know that Bennison’s bankruptcy hearing will take place on the 7th of August, and it can be safely assumed that he will not be able to oppose it.
New rules apply from May 2018
As stated at the top of this article, under new rules, the details of .uk domain registrants no longer appear on the WHOIS database. This means this nice little earner for the GoDaddy group is now dead, as the details no longer appear, there is no need for a privacy service. There is, however, a technical difference. With the privacy service offered by Identity Protect Limited at the time of the dispute, Nominet would have on its database, this company’s name and their registered address on their database as the registrant of the domain, and only Identity Protect Limited would know the details of the client paying for their privacy services, the real registrant of the domain. That meant when Nominet looked up a domain on their own database, they wouldn’t be able to ascertain the name of Identity Protect Limited’s client. Only Identity Protect Limited would have held that information on their own database. The rather simple fact was lost on Bennison, whose whole action against Nominet centred around the idea that Nominet were concealing the identity of the registrant who, in Bennison’s own words “committed criminal offences against him”.
What Bennison regarded as an act of alleged “complicity” is now official: the details of domain registrants are concealed by default unless they specifically request for them to be shown, as per Nominet’s own website:
GDPR Changes for .UK
Fri 20 April 2018 13:02
On 22nd May 2018 several changes will be made to existing rules and policies to ensure compliance with GDPR. In brief these changes are:
- The EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018. Like many organisations, we are making changes to comply with the new GDPR legislation across all areas of the business. We will be implementing the following changes on 22nd May 2018
- The .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.
- For registrants who wish for their data to be published in the WHOIS, we will provide appropriate mechanisms to allow them to give their explicit consent.
- The standard Searchable WHOIS will continue to be available, but will only include name and contact details where registrants have consented for their data to be published in the WHOIS to ensure GDPR compliance.
- An enhanced version of our Searchable WHOIS service will be made available free of charge to specific LEAs*. Those users will have access to the names and addresses we hold.
- The Privacy Services Framework will be discontinued
- The rules for 2nd level registrations will be aligned with the third level rules. Address for service will no longer be required and PO Boxes will be accepted as valid address types.
*LEAs stands for Law Enforcement Agencies. This means Nominet will reveal the identity of the registrants to the relevant authorities. If a website was used to commit a criminal offence, the Police would, no doubt, have access to the data. But it should be noted that is is up to the Police to establish whether an offence is being/has been committed, not to individuals to say it has, merely because they don’t like what they see.