Re: GoDaddy deleting most ancillary registration contact information

[David Conrad via NANOG <nanog () lists nanog org>]

Hi,

On Jul 17, 2025, at 2:43 PM, Mel Beckman via NANOG <nanog () lists nanog org> wrote:
> First, this seems like awfully short notice. Second, although I remember reading something about this a month ago 
> having to do with GDPR, I didn’t realize it would result in the deletion of existing data in North America.

IANAL, but my understanding is that one of the “nice” things about GDPR is that it applies to European citizens, 
regardless of where they’re located. So if an EU citizen happens to be the registrant/contact for a domain registered 
anywhere in the world (including in the US), the data holder (i.e., the registrar) would, in theory, be liable for 
misuse of that data to the tune of “up to €20 million or 4% of the company’s global annual turnover from the preceding 
financial year, whichever is higher.” Since registrars generally don’t know the citizenship of the information 
associated with individual registrants or their contacts, the term “better safe than sorry” probably applies.

> For domains I manage, I have an opportunity, however brief, to collect this information for future use. However, I’m 
> surprised that this is happening to domains registered in North America. I would think it would conflict with ICANN 
> requirements.

I see you, like any sane person, are blissfully unaware of the ongoing frenetic and kafkaesque events at ICANN since 
GDPR went into force in May 2018. In short, ICANN continues to require registrars to collect registrant information, 
however that information is (largely) unavailable to the public. Since the “temporary specification” (temp spec) was 
put in place shortly after GDPR went into effect, fields in Whois (now RDAP) that can contain PII must be redacted. 
ICANN did create a system to allow for requests of the redacted data (see https://www.icann.org/rdrs-en), but let’s 
just say opinions vary on its usefulness.

I suspect GoDaddy will probably argue that they have taken this step to try to minimize their liability exposure as a 
data holder — if the registry doesn’t require the data, the safest approach is obviously not to collect it. I believe 
this fits within ICANN’s requirements. Oh, and you, as a member of the public, will still be unable to see that data 
(law enforcement may be able to see it if they ask and/or they have a court order).

> Has anybody else got ideas on the impact of this going forward? I’m not in the domain resale business, but I am in 
> the business of troubleshooting network problems. :-)

My somewhat cynical answer: if you relied on domain (and likely IP address/ASN in the future) registration data, it 
might be worthwhile figuring out alternatives to that reliance.  Les cynically: pragmatically, given the vast majority 
of contact information these days points to privacy providers or is redacted, I’m unclear there will be significant 
impact — the data is already pretty useless.

Regards,
-drc

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/LCEN6OBFD5RDAKEDG5PXTD27Q3YAIGBZ/