Norwegian domain names are registered and maintained via registrars. Registrars are enterprises that have a contract with Norid to submit applications and updates on behalf of the domain holder, and generally acts as an intermediary between Norid and the holder. In order to register a domain, a holder must sign one contract with Norid and one with the registrar.
A domain is created as soon as Norid registers it to an organization1or an individual. The domain holder is granted the right to use the domain name for as long as the registration is valid, normally until the organization or individual terminates it. The holder may transfer the domain to others or request its deletion. After deletion, anyone can register the domain name anew.
1. Purpose of a registration directory service
The purpose of the registration directory service is to contribute to resolving technical problems where individual domains threaten the functionality, security and stability of other domains or the internet as an infrastructure. The purpose is also to give the public an opportunity to contact the domain name holder.
The public inquiry service strengthens confidence in Norwegian domains:
- It is easy to find the correct point of contact when a domain causes technical problems
- It makes it possible to find the party responsible for a registration2
- It provides an opportunity to contact the domain holder
- It contributes to the combating of illegal content on the internet
The registration directory service gives access to the information shown in the figures below. The information shown in parentheses is optional, which means that for many registrations this information is not available.
The service permits only two types of requests: Users can look up either a domain name and obtain information related to the registration, or an organization number and obtain an overview of the domain registrations held by the organization. The service does not offer a free text search.
Use of the service is subject to certain terms and conditions, and by doing a loop-up, users confirm their acceptance of these terms and conditions. In order to reduce the risk of the service being misused, Norid has also built-in restrictions on how often the same user can use the service. Users who exceed the limits are blocked from the service for a certain period.
2.1 Information available when looking up a domain name
Users who look up a domain name obtain basic information about the registration itself:
- The domain name
- DNSSEC information3
- When the registration was created
- When the registration was last updated
A domain look-up also provides information about the domain holder, technical contacts, name servers (with optional technical contacts) and the registrar.
Different amounts of information are given about the domain holder depending on whether they are an organization, a sole proprietorship or a private individual.
For organizations the following data are displayed: organization number, organization name, email address, postal address, country (Norway), and the telephone number if given. For sole proprietorships the following data are displayed: organization number, organization name, email address and country (Norway). For private individuals, the following data are displayed: email address and country (Norway).
A look-up also provides contact information for technical contacts for the registration, so that these can be contacted if the domain is used in such a way that it threatens the functionality, security and stability of other domains or the internet as an infrastructure.
Basic information about name servers (machines that answers requests for addresses under the domain) and the registrar is also provided.
For name servers, the name and IP-address get displayed. For technical contacts, the following data are displayed: role name, email address, country, and the telephone number if given. For registrars, the following data are displayed: organization name, email address, postal address, country, telephone number (if given) and the website URL.
3. Processing of personal data
The information that is processed in the lookup service is to a large degree personal information to Norid. The domain name subscribers are either private individuals, identified to us through names and national ID numbers, or organisations (businesses, public entities and other organisations) where we have requested the name of a contact person i addition to the organisation's name and organisation number. Even is a piece of data is personal data to us, because we can connect it to an identifiable physical person, it is not automatically personal data to whomever receives it.
When we made the lookup service, we made a concrete assessment of the need for processing different kinds of personal data, as well as what measures can reduce the impact on the registered person’s privacy.
3.1 General information about email addresses
For those who use the lookup service, all email addresses linked to a domain subscription can potentially be personal data. For example, the email address email@example.com can be personal data because it contains the name of a person.
However, it is not required to provide an email address containing a personal name or other elements that directly identify a person. There are several solutions on the market. For example, an anonymous email address can be created such as firstname.lastname@example.org or email@example.com or similar. Alternatively, forwarding services can be used, where a provider creates anonymized email addresses, and sets up a service that forwards all emails that come to this address to the holder's actual email address. There are several providers offering such services.
Email addresses can also be easily changed if the registered person so wishes, and unlike a postal address, it does not provide information about the person’s physical location.
Norid requires all Norwegian domain names to have a technical contact that can be contacted in the event of a technical problem with the domain, or if the domain is used in a way that threatens the functionality, security or stability of other domains, or the internet as an infrastructure. This point of contact should be easily accessible to anyone who experiences that the domain is causing technical issues. The requirement is part of ensuring that the Norwegian top-level domain is managed in a manner that contributes to the robust operation of the internet as an infrastructure.
When we collect the information about the technical contact we ask that you disclose what role will be doing the job, e.g. the IT department or the internet provider's hostmaster. We do not register information about any given persons holding the role. If, despite this, the holder chooses to provide an email address or telephone number for the technical contact that may relate to an identifiable person, this personal data will appear in the registration directory service.
Anyone who registers a domain name will receive an exclusive right to use the name as long as the registration lasts, usually until it is terminated by the domain holder. Since domains are a limited resource, Norid requires all holders who acquire part of the total domain resource to provide an email address where they can be contacted by the general public. However, there is no requirement that the email address must contain information that directly identifies the holder.
When the holder is a private individual, the registration directory service does not show the name.
For domain holders that are legal entities, the name shown is the name registered in the Brønnøysund Register Centre. In some instances (such as sole proprietorships), this name will contain a personal name. The reasoning for showing the organisation name for legal entities is that legal entities may acquire a far larger share of the domain resource than private individuals (100 domains each against five for individuals). Therefore it is reasonable that the public is able to discover who is responsible for these domain names.
- 1. Registered in Norway’s Central Coordinating Register for Legal Entities [Enhetsregisteret].
- 2. Applies only to organizations (legal entities)
- 3. Securing domains with DNSSEC is optional, but if the domain is secured, the holder has to submit DNSSEC keys and DS records