General Questions
Q1. Do you agree that the proposals to refine the WHOIS opt-out eligibility and to provide a framework for registrar
privacy services meets the policy objectives set out in the consultation document?
Yes
Comments
[No Response]
Q2. Do you wish to highlight any potential stakeholder impacts or concerns should the proposal to refine the
WHOIS opt-out eligibility criteria be implemented? Please explain, providing examples and evidence to support your
view, where possible.
We question whether an opt-out is required any longer, if a privacy service becomes available.
What are the benefits for having both services? Privacy has become a standard within the
domain name industry, and is the correct way for Nominet to move. It strikes us that the optout service become defunct once privacy becomes an option.
Previously it was argued that privacy services are charged for and opt-out not, however this is
down to the registrar - additionally there is no restriction that disallows charging for the current
opt-out.
Q3. Do you wish to highlight any potential stakeholder impacts or concerns should privacy services be permitted to
operate in the way in which we have proposed? Please explain, providing examples and evidence to support your
view, where possible.
The proposal does not fully cover some of the areas that will affect registrars, there are two
areas in particular where HEG have concerns;
1. The way that the privacy is implemented on a domain name.
2. The criteria and the feedback for a registrar when information is disclosed by Nominet.
1. Currently the existing WHOis Opt-Out applies to a contact, this is unworkable for a privacy
service, this should be on a per domain basis so a registrant is able to apply privacy to one
domain but not another.
2. As a registrar with a privacy contract in effect with a registrant, we would want to know if
data is disclosed to a third party, who that third party are and the circumstances for the data
request being granted. We would be obliged to let our registrant know that their underlying
data had been disclosed, and potentially lift the privacy agreement.
Q4. Please provide any other views on the direct impact these proposals may have on you or your organisation. It
would be helpful if you could advise your interest in the WHOIS, and the stakeholder group(s) you represent.
The proposed privacy solution will allow us to operate our current service without the risk
currently associated with DRS cases, something that we will be grateful for.
So long as the privacy proposals are standards compliant then as a registrar we have every
intention of providing this service.
Q5. Do you have a commercial interest in the domain name industry, including but not limited to acting on behalf of
registrants in the registration of domain names or holding domain names in your own name?
HEG is the parent company of registrars with TAGs 123-reg, Heartinternet, Domainmonster,
Dotukdomains
We would now like to ask you specific questions relating to each proposal. Not all questions are mandatory.
These are set out below for your convenience:

Do you agree with our assessment of the options we have chosen to not recommend?

Are the proposed criteria for eligibility of the opt-out clear and logical enough for WHOIS users and
registrants?

Do they meet your expectations as a WHOIS user or registrant?

Do you agree that domains used to collect personal data should be excluded from eligibility to opt out? If
you do not agree, we would like your thoughts on whether your concerns could be mitigated by being able
to use a privacy service.

Are there any process or technical consequences of the proposed changes to WHOIS opt-out eligibility that
Nominet should take into account or would discourage implementation of this proposal?

Do you think we should change the WHOIS query output so that the name of registrants who are optedout are withheld from publication, as well as their address?

What obligations, if any, should registrars be subject to in relation to drawing the attention of registrants
to the availability of the WHOIS opt-out?

Are there any specific standards that registrars should be asked to meet in order to provide a privacy
service?

Are there process or technical issues in separating collection from publication of contact data in the way
we have suggested that Nominet should be aware of?

Should the framework be restricted only to Nominet Channel Partner and Accredited Channel Partner Tag
holders?

If you believe the framework should not be restricted, and that other parties should be permitted to
operate privacy services, please explain why and provide comments on how Nominet could identify,
monitor, and enforce the framework for third parties.
Yes, I wish to answer some or all of the additional questions
i. Publish less data on the WHOIS
Yes
[No Comment]
ii. Removing the individual/trading tests from the opt-out
Yes
[No Comment]
iii. Align opt-out eligibility with the E-Commerce Directive
No Opinion
[No Comment]
iv. Do nothing in relation to privacy services / WHOIS opt-out
No
[No Comment]
v. Prohibit privacy services
No
[No Comment]
vi. Develop a Nominet privacy service for registrars to sell on to their customers (white-labelled solution)
No
[No Comment]
vii. Regulate privacy services offered by registrars
No Opinion
[No Comment]
WHOIS opt-out proposal
Q7a. To qualify to use the opt-out we are proposing that:

The registrant must be an individual; and,

The domain name must not be used:
o to transact with customers (merchant websites);
o to collect personal data from subjects (ie data controllers as defined in the Data Protection Act);
o to primarily advertise or promote goods, services, or facilities.
Are the proposed criteria for eligibility of the opt-out clear and logical enough for WHOIS users
and registrants?
No opinion
Comments
[No Response]
Q7b. Do the criteria meet your expectations as a WHOIS user or registrant?
No opinion
Comments
[No Response]
Q7c. Do you agree that domains used to collect personal data should be excluded from eligibility to opt out? If you
do not agree, we would like your thoughts on whether your concerns could be mitigated by being able to use a
privacy service.
No opinion
Comments
This seem very difficult to police, how is it monitored on a daily basis and what's to stop
someone using it and post-enabling, starting to run adverts, take payments etc.
Q8. Are there any process or technical consequences of the proposed changes to WHOIS opt-out eligibility that
Nominet should take into account or would discourage implementation of this proposal? Please explain with details
about whether this would affect registrants, registrars, WHOIS users, or other stakeholders.
Any changes to the criteria will have a knockon effect to the implementation of whois opt-out
on our brands.
Q9. Do you think we should change the WHOIS query output so that the name of registrants who are opted-out are
withheld from publication, as well as their address?
No opinion
Comments
[No Response]
Q10. What obligations, if any, should registrars be subject to in relation to drawing the attention of registrants to
the availability of the WHOIS opt-out?
There should be no obligation for a registrar to have provide the opt-out service or draw
attention to it.
Privacy Services proposal
Q11. Which, if any of these standards do you think registrars should be asked to meet in order to provide a privacy
service?
Acting as an address for service for the registrant, Being required to respond to or transmit
abuse complaints from third parties to the registrant, Being required to reveal contact details
on receipt of a Dispute Resolution Service complaint from a third party, Provide their own
contact details to be published in the WHOIS
Comments
[No Response]
Q12. Are there process or technical issues in separating collection from publication of contact data in the way we
have suggested that Nominet should be aware of? For example,

updating registration data of domains currently held using a privacy service to the registry

moving domains with privacy from a registrar to another (TAG change), where the new registrar does not
offer privacy

transfer of a domain(s) to a privacy service

transfer of a domain(s) to a new registrant

minimising the incidence of abuse

use of the RFC5733 contact disclose field for both name and address
Please explain with details about whether this would affect registrants, registrars, WHOIS users, or other
stakeholders.
Privacy services are not a new thing and many registrars have been offering such services for a
long time. The proposed changes by Nominet are a little different, but not unheard of, and will,
no doubt, result in technical changes - allowing persistance of privacy at transfer for example.
Q13. Whilst noting that the proposed privacy services framework would not apply to Self-Managed Tag users
where domains must be connected to the registrant, should the framework be restricted only to Nominet Channel
Partner and Accredited Channel Partner Tag holders?
Yes
Comments
If it is Nominets long-term aim to have Accredited Channel Partners then the service should be
limited to these and to encourage a high standard of service.
Do you wish to provide any supporting evidence in your submission?
No
The feedback we receive will inform our decision on changes to our WHOIS policy. We will publish all formal
stakeholder responses after this decision has been made. Please tell us if you agree to the publication of your
response by selecting one of the options below. Anonymous responses will not be published although they will be
taken into account.
Yes I am happy for Nominet to publish my response, along with my name and organisation