Why should WHOIS data be used?
Whois data is publicly available – in the opinion of the DSK (since 1 January 2014 DPA) therefore by any ‘legitimate purposes’ recyclable – EU Data Protection Working Party expressed concern about the WHOIS system – Unclear policy at NIC.AT – probably not in conformity with EU
In so-called WHOIS contact directories of domain owners are included. There are, in addition to some technical data, especially the contact information (name, address, mobile or E-mail) of the domain owner and technical managers. In Austria, for the management of .at domains nic.at GesmbH responsible, which also operates a WHOIS database.
The access to the Whois directories is always easily available to everyone. There are corresponding search templates available on the Internet with which these Whois directories can be queried.
In nic.at provides that phone numbers and e-mail addresses can be hidden, while the name and the address are each if issued.
For companies, this appears to be largely unproblematic, but here there is possibly then a problem when individual employees are forcibly given as a contact. The situation is quite different to judge in private. With the falling cost of the domain hosting more and more domains are registered by private individuals. Due to the procedure of nic.at but also their private data will be published in the WHOIS directory.
Mandatory publication of domain data, sometimes also motivated by consumer protection interests, often contributes more to the confusion as to clarify. In the e-commerce research on e-rating.at a very high proportion of anomalous data was found.
This handling of WHOIS directories was also from the Art. 29 -Datenschutzgruppe the EU critically analyzed (see FIG. Opinion 2/2003). Also in the adopted 2004 work program of the EU data protection group the WHOIS issue on the agenda.
From a privacy perspective of personal data of individuals resulting from this release some problems.
The primary purpose of the WHOIS directory is a way to create to be able to contact the owner of a domain for technical or legal problems. To achieve this purpose, the release of the data is not necessary. nic.at has already over the data and if there is a legitimate interest, this could be published by nic.at.
In § 7 para. 3 Data Protection Act 2000, the principle of least intrusive intervention is normalized in the privacy of the individual. Any further use of personal data is not permitted.