On October 26, the DDPA found (source document in Dutch) that the public disclosure of WHOIS data of domain name holders that are natural persons by Dutch registries violates the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens). WHOIS data includes the domain name holder's name, address, email address, and telephone number. Under the ICANN 2017 Global Amendment to Registry Agreements, registries are required to publish personal data of WHOIS domain name holders without redactions. However, the DDPA stated that this constitutes a violation of the privacy law because there is no "legitimate interest" or "necessary legal grounds" for publishing the data.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.