Out-Law / Your Daily Need-To-Know

Network Solutions Inc. (NSI), the domain name registrar owned by VeriSign Inc., recently announced that it is selling contact information about its customers. The European Commission has expressed concern that there could be a breach of data protection rules.

NSI controls the internet’s database of generic top level domains. For the first years of the World Wide Web, it was the only place to register .com, .net and .org addresses. The company recently approached marketers with an offer, described by NSI as: “Approximately 6 million unique customers, sliced and diced for you to target prospects, learn about a specific audience or retain customers… Take this information and run with it.”

An official with the internal market directorate of the European Commission told ZDNet.com that the Commission wants to “look into what exactly NSI is proposing and how it would be affected by data protection rules.” The European data protection regime forbids the transfer of personal data about European citizens to countries without equivalent legal protections, which includes the US.

Marketers are being offered registrants’ names, postal addresses, telephone numbers, an indication of whether their domain names are in use and, if so, whether they are doing e-commerce and whether they have security on their sites. However, e-mail addresses are not being supplied in an attempt to avoid spam.

NSI also says that consumers taking domain names will not be included in its lists for sale, which could avoid the concerns of the European Commission. However, it is not clear whether NSI is or is not including the personal details of the individuals at businesses who register the domain names. NSI also says that its customers were given the an opt-out to avoid their data being sold.

OUT-LAW.COM’s Linda Molloy, a lawyer specialising in e-commerce, said:

“If European companies want to use NSI's list, they should be asking NSI to give warranties that the list complies with data protection legislation. Otherwise, if the list is not data protection compliant, then companies who use the list may expose themselves to enforcement proceedings under the Act. This is essential as the cost of cleaning such a list would be dispropotionate to the actual value of the list.”

NSI is obliged by the US government to give public access to its WHOIS database. However, selling the data in “sliced and diced” format will be much more attractive to marketers.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.