.ee will update the Domain Regulation due to the General Data Protection Regulation (GDPR) entering into force on the 25 May 2018. .ee Domain Regulation provides standard terms that regulate the legal relationship between the EIF, domain registrant and registrar (service provider). Main changes concern the WHOIS-service in which the contact information of a registrant who is a natural person can no longer be publicly disclosed.
We note that if the domain registrant is a legal entity, then the data relating to it (name and e-mail address) will be publicly disclosed in the WHOIS after the GDPR has entered into force. Since a legal person does not have a private life, it is not necessary to protect its integrity.
According to the GDPR, EIF is the controller and the registrars (domain registration service providers) are the processors of the personal data of the registrants. In addition, Domain Regulation amendments in question, specify the responsibilities of the registrar regarding the processing of the registrant's personal data (e.g. what information should be provided to the registrant, what should be specified in the service contract, the registrar's obligation to forward breach notices to the EIF, etc.). We also want to specify the scope of the registrar's responsibility if it uses third parties to resell the domain or wishes to transfer a registrant’s personal data to a foreign country located outside the European Economic Area.
Domain Regulation and Registrar Contract full texts that are entering into force on 25 May 2018 can be found accordingly HERE and HERE in the files menue.