Domain registration directory service
Norid operates a registration directory service where members of the public can look up a domain name and obtain information about the registration, domain holder, technical contact and technical setup, as well as the name of the registrar. The information provided is the information available at the time the lookup is done.
A domain is created as soon as Norid registers it to an organisation1 or an individual. The domain holder is granted the right to use the domain name for as long as the registration is valid, normally until the organisation or individual terminates it. The holder may transfer the domain to others or request its deletion. After deletion, anyone can register the domain name anew.
Norwegian domain names are registered and maintained via registrars. Registrars are enterprises that have a contract with Norid to submit applications and updates on behalf of the domain holder, and generally acts as an intermediary between Norid and the holder. In order to register a domain, a holder must sign one contract with Norid and one with the provider.
1. Purpose of a registration directory service
The purpose of the registration directory service is to contribute to resolving technical problems where individual domains threaten the functionality, security and stability of other domains or the internet as an infrastructure. The purpose is also to give the public an opportunity to contact the domain name holder.
The public inquiry service strengthens confidence in Norwegian domains:
- It is easy to find the correct point of contact when a domain causes technical problems
- It makes it possible to find the party responsible for a registration2
- It provides an opportunity to contact the domain holder
- It contributes to the combating of illegal content on the internet
2. The information that is processed
The registration directory service gives access to the information shown in the figures below. The information shown in parentheses is optional, which means that for many registrations this information is not available.
The service permits only two types of requests: Users can look up either a domain name and obtain information related to the registration, or an organisation number and obtain an overview of the domain registrations held by the organisation. The service does not offer a free text search.
Use of the service is subject to certain terms and conditions, and by doing a loop-up, users confirm their acceptance of these terms and conditions. In order to reduce the risk of the service being misused, Norid has also built-in restrictions on how often the same user can use the service. Users who exceed the limits are blocked from the service for a certain period.
2.1 Information available when looking up a domain name
Users who look up a domain name obtain basic information about the registration itself:
- The domain name
- DNSSEC information3
- When the registration was created
- When the registration was last updated
A domain look-up also provides information about the domain holder, technical contacts, name servers (with optional technical contacts) and the registrar. Different amounts of information are given about the domain holder depending on whether they are an organisation, a sole proprietorship or a private individual.
|A Domain holder:
|A Domain holder:
|A Domain holder:
A look-up also provides contact information for technical contacts for the registration, so that these can be contacted if the domain is used in such a way that it threatens the functionality, security and stability of other domains or the internet as an infrastructure.
|N Name server|
|N Technical contact|
Basic information about name servers (machines that answers requests for addresses under the domain) and the registrar is also provided.
3. Processing of personal data
Most of the information processed by the registration directory service will, with a high degree of probability, not be personal data. For example, this is the case for contact information for a domain holder that is a legal person (and not a sole proprietorship), or the name of a name server.
Some of the information, however, is more likely to contain information that directly or indirectly identifies a person. For such information, Norid has made a concrete assessment of the need for processing, as well as what measures can reduce the impact on the registered person’s privacy.
3.1 General information about e-mail addresses
All e-mail addresses can potentially be personal data. For example, the e-mail address firstname.lastname@example.org is personal data because it contains the name of a person. When the domain holder is a private individual, the e-mail address will always be personal data.
However, it is not required to provide an e-mail address containing a personal name or other elements that directly or indirectly identify a person. There are several solutions on the market. For example, an anonymous e-mail address can be created such as email@example.com or firstname.lastname@example.org or similar. Alternatively, forwarding services can be used, where a provider creates anonymised e-mail addresses, and sets up a service that forwards all e-mails that come to this address to the holder’s actual e-mail address. There are several providers offering such services.
E-mail addresses can also be easily changed if the registered person so wishes, and unlike a postal address, it does not provide information about the person’s physical location.
3.2 Technical contact
Norid requires all Norwegian domain names to have a technical contact that can be contacted in the event of a technical problem with the domain, or if the domain is used in a way that threatens the functionality, security or stability of other domains, or the internet as an infrastructure. This point of contact should be easily accessible to anyone who experiences that the domain is causing technical issues. The requirement is part of ensuring that the Norwegian top-level domain is managed in a manner that contributes to the robust operation of the internet as an infrastructure.
The technical contacts are roles, such as the IT department or the internet provider’s hostmaster, and not individuals. If, despite this, the holder chooses to provide an e-mail address or telephone number for the technical contact that may relate to an identifiable person, this personal data will appear in the registration directory service. In such cases, Norid’s processing of the information is necessary in order to fulfil an agreement with the domain holder (GDPR Article 6, 1b), so that the holder fulfils its obligations to society.
3.3 Contacting the domain holder
Anyone who registers a domain name will receive an exclusive right to use the name as long as the registration lasts, usually until it is terminated by the domain holder. Since domains are a limited resource, Norid requires all holders who acquire part of the total domain resource to provide an e-mail address where they can be contacted by the general public. However, there is no requirement that the e-mail address must contain information that identifies the holder.
Norid’s processing of the holder’s email address in the registration directory service is necessary to safeguard the legitimate interests of Norid and third parties (GDPR Article 6, 1f). Norid considers that the possibility of providing an anonymised e-mail address significantly reduces the impact on privacy, allowing the legitimate interests to take priority.
3.4 Name of the domain holder
When the holder is a private individual, the registration directory service does not show the name.
For domain holders that are legal persons, the name shown is the name registered in the Brønnøysund Register Centre. In some instances (such as sole proprietorships), this name will contain a personal name. However, as legal persons may acquire a far larger share of the domain resource than private individuals (100 domains each against five for individuals), it is reasonable that the public is able to discover who is responsible for these domains.
The processing of domain holder names for organisations is necessary to safeguard the legitimate interests of Norid and third parties (GDPR Article 6, Item 1f). Norid considers the impact on privacy for these holders as small as long as what is shown is an organisation name that is already publicly available.
- Registered in Norway’s Central Coordinating Register for Legal Entities [Enhetsregisteret].
- Applies only to organisations (juristic persons)
- Securing domains with DNSSEC is optional, but if the domain is secured, the holder has to submit DNSSEC keys and DS records