The California Consumer Privacy Act And The .US Domain
As I start this off I would be remiss to state that yes, I have a .us domain, however so do many Americans. You see, the .us top level domain (TLD) is only available to those who reside within the United States. There are other requirements too such as keeping your WHOIS records up to date. Ensuring that WHOIS records show that those who register a .us domain reside within the US. The major downfall to that is the fact that you cannot purchase privacy protections for your domain. So all of you who have purchased .com, .net, .org and so on have those privacy protections available. But not for .us domains. In fact, .at, .be, .ca, .cn, .cx, .de, .eu, .pl, .pro, and .tw TLD’s do not have those protections either – but that is different story for a different day. What makes the .us TLD so important?
The California Consumer Privacy Act of 2018, soon to go into affect on January 1, 2020 provides protections of personal information. You see, in order to maintain a .us domain one must accurately state their personal, or business, information in the WHOIS directory. Under the CCPA, personal information is defined as real name, signature, address, telephone number, insurance policy number, education, employment, employment history, bank account information, credit card number, debit card number, alias, postal address, unique personal identifier, online identifier such as an IP address, email address, account name, social security number, drivers license number, password number, or other similarities. Whew!
If you have never seen a WHOIS lookup on a domain before, it tends to look like:
Domain Name: JASONBROWN.US
Registry Domain ID: D20196051-US
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2018-05-31T13:04:07Z
Creation Date: 2009-05-31T22:47:12Z
Registrar Registration Expiration Date: 2019-05-30T23:59:59Z
Registrar: GoDaddy.com, LLCRegistrar IANA ID: 146
Registrar Abuse Contact Email: email@example.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: CR17632448
Registrant Name: Jason Brown
Registrant Postal Code:
Registrant Phone Ext:
Registrant Fax Ext:
Registrant Email: firstname.lastname@example.org
Registry Admin ID: CR17632450
Admin Name: Jason Brown
Admin Postal Code:
Admin Phone Ext:
Admin Fax Ext:
Registry Tech ID: CR17632449
Tech Postal Code:
Tech Country: US
Tech Phone Ext:
Tech Fax Ext:
Tech Email: email@example.com
Name Server: ATHENA.NS.CLOUDFLARE.COM
Name Server: LOGAN.NS.CLOUDFLARE.COM
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
I obviously deleted a bunch of stuff but a simple Google search would show you the real results.
Do not get me wrong, California’s Consumer Privacy Act has provided guidelines that the rest of the country should follow. However, law makers continuously make decisions and place deadlines on mandates without fully understanding the impact. How long will it take for law makers to understand the nuances of how the internet works? I myself think its bullshit that one cannot purchase privacy protection for a particular TLD, but I see its reasons.
The amount of data mining, and the cost of providing that information to marketers is astronomical. CSO Online ran an article in 2018 which stated that records on an individual would cost around $141. Take someone 2 minutes to enumerate the entire .us TLD, compile that information and provide it to a marketing company; the amount of data retrieved is priceless.
As you can see, the CCPA has brought to light privacy implications that no one has thought of before. The collection of personal information, the sale of personal information to other companies, and even the disclosure of sale of information. However no one is looking at the information that we have to give up freely in order to do business. It is my hope that we shed a little California sunshine on this situation.