Data protection in domain name services

Domain name registrars collect personal data from registrants (domain name holders) for domain name registration purposes. Registrars enter the data into the domain name register of the Finnish Communications Regulatory Authority (FICORA) and keep the data up-to-date. Registrars’ operations are governed by EU General Data Protection Regulation, Finnish law [pdf, 318 KB] and FICORA Regulation (68/2016 M).

FICORA does not conclude contracts with registrars on personal data processing. When a registrar registers as a .fi registrar with FICORA, they commit to complying with the obligations of a registrar laid down in Finnish law and FICORA Regulation.

The Act on Electronic Communications Services (917/2014) and FICORA Regulation 68/2014M constitutes a legal basis as referred to in the General Data Protection Regulation (GDPR, 679/2016) for a registrar to process the personal data of registrants for domain name registration purposes, in other words to provide domain name services.

The statutory obligations of FICORA include management of the country code .fi and maintenance of the .fi domain name register. FICORA acts as the data controller of the personal data entered into the domain name register, and the registrars act as the processors of the personal data on behalf of FICORA.

View graphic [pdf, 483 KB] of registrars’ data protection obligations.

Key words: Internet , Domain names , Registrar , Renewal , Reseller , Whois , Acts , Guidelines , Recommendations , Regulations

Updated 15.05.2018

LinkedIn Print