Go to Content

.pt WHOIS Policy

Data Processing

WHOIS is a widely used consultation/response TCP - Transmission Control Protocol that provides information on registration data of domain names on the internet. ccTLD .pt has offered the WHOIS service since 2000, in strict compliance with the applicable legal provisions. Generally speaking, it is a free public directory that makes it possible to identify the data associated with the registration and technical maintenance of a domain name.

The legislative harmonisation between Member States in respect of the protection of personal data in the European Union, reflected, inter alia, in the adoption of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) from 25 May 2018, will enhance the level of protection of data subjects' rights, posing major challenges to organisations in terms of its materialisation and implementation.

One of the major challenges posed by the GDPR relates to the need to ensure the conformity of WHOIS with the new legal framework, simultaneously ensuring best practices in terms of the management of TLDs – Top-Level Domains – that, supported on the principles of transparency and publicity, foster confidence in the internet among all stakeholders, offering, inter alia:
• access to accurate, reliable and current registration data;
• contact details of domain name’s registrants and registrars;
• access to non-public personal data by court authorities, ARBITRARE - Centro de Arbitragem para a Propriedade Industrial, Nomes de Domínio, Firmas e Denominações (the Arbitration Centre for Industrial Property, Domain Names, Corporate Names and Denominations) - and by any entity to which the law assigns powers in respect of criminal investigation or whose mission is to oversee or ensure compliance with the legislation applicable, in particular, to the protection of consumer rights, intellectual property, communications, security, public health and trade practices in general. 

Achieving the right balance between safeguarding the core foundations of WHOIS, such as, by way of illustration, the principles of proportionality, transparency, quality and minimisation in the context of processing of personal data and the defence of the fundamental rights and freedoms of natural persons in respect of the processing of personal data, is, therefore, a major concern of States and organisations in general, but also, in particular, of those responsible for managing top-level domains such as .pt.

In this context, taking into account the provisions of GDPR, the recommendations issued by organisations such as CENTR – Council of European National Top-Level Domain Registries, ICANN – Internet Corporation for Assigned Names and Numbers and RIPE – Network Coordination Center, as well as the models adopted by various reference peers, from 25 May the personal data in the .PT WHOIS service will be made available based on the informed and free consent, explicitly expressed by the relevant data subjects, and governed by the following principles:

I. Following registration of a .pt domain name, the following data shall be disclosed in WHOIS:

Fig. 1. 

II. With regard to data collected, the personal data of contact persons associated with the domain names shall not be disclosed, unless they express their free, specific, informed and explicit consent to this end, consenting that their personal data be publicly disclosed through the WHOIS protocol, at whois.dns.pt and through the web, such as at www.dns.pt;
III. Upon registration of a domain name, a declaration of consent shall be made available, which may be signed by the data subject, to which end he/she should follow the instructions given upon registration of the relevant domain.
IV. The data subject may withdraw his/her consent at any time, accessing his/her reserved area online. The data subject may also, at any time and if applicable, elect to express his/her consent to the publication of his/her personal data by following the same procedure;
V. For domains submitted and managed by accredited registrars, these entities shall be responsible, pursuant to and for the purposes of the protocol entered into with .PT, for obtaining, exhibiting and supplying, upon request, the declaration of consent subscribed by the data subject;
VI. Should the data subject not give his/her consent, an anonymised contact option, intended for general contact purposes and possible breaches or abuse, will be offered in the web version available at www.dns.pt. .PT will not intervene in this process, having no access to the communications, or their content, effected in this way; 
VII. Only data of validly registered domain names shall be presented;
VIII. For registrations effected before 25 May, .PT endeavored to obtain the consent of the data subject for disclosure of his/her data in WHOIS. Data for which no consent has been obtained shall not be disclosed;
IX. Court authorities, ARBITRARE, entities to which the law assigns powers in respect of criminal investigation or whose mission is to oversee or ensure compliance with the legislation applicable, in particular, to the protection of consumer rights, intellectual property, communications, security, public health and trade practices in general may request access to personal data not accessible to the public through WHOIS, by means of a notice addressed to .PT.

In order to ensure a holistic, systematic and clear view of the processing of personal data carried out by .PT, this policy should be analyzed complementarily and jointly with our Privacy Policy.

Search funcionality of WHOIS

Introduction
International rules applicable to the management of TLDs, as well as the principles of transparency and publicity applicable to the operation of .PT, require the latter to offer a search functionality in WHOIS that enables its user, upon writing a .pt domain name, to obtain technical and administrative information, which must be reliable and current, thereon. When a Domain Name is registered, the information related to such registration shall be included in a WHOIS database.

Purpose
To make available the contacts associated with the registration of a domain under .pt. The WHOIS directory makes it possible to identify data associated with the registration and technical maintenance of a .pt domain, thus contributing to the security, stability and resilience of the internet and, in parallel, supporting criminal investigations.

Prevention of improper use of the WHOIS service
Data supplied by the WHOIS service may be accessed through WHOIS' customer tools, command line or a web environment-based functionality. 

In order to prevent improper use of the WHOIS service made available, .PT shall ensure the following steps:
a) searches shall be limited to a single criterion, the domain; accordingly, searches by, for instance, registrant or management body name, email address, postal address or fax or telephone number shall not be possible;
b) no abusive use of the WHOIS service, on the basis of the volume of consultations by origin (IP address) shall be permitted;
c) abusive use of the WHOIS service means a maximum of 1,000 consultations within a daily period of 24 hours, by origin (IP address);
d) data shall be kept on all consultations of WHOIS, with a view to making it possible to detect and act in any instances of excessive use;
e) in the event of excessive use, the WHOIS service may be suspended for the origin IP address through which the abusive use occurred;
f) such suspension shall be extended by an additional 24-hour period for each successive instance;
g) consultations of domains outside the scope of .PT's powers (for instance, .com) shall be automatically excluded. In these cases, the WHOIS will reply by stating "invalid search", without making any additional search.

.pt WHOIS Policy update

This Policy may be reviewed at any time in the light of the applicable legislation, as well as of recommendations of any competent national or international entity, notably with regard to the possible creation of an accreditation system for natural persons or legal entities who/which should have privileged access to data not accessible to the public through WHOIS. Codes of conduct whose provisions may impact on the aforementioned principles may also be created and, accordingly, such principles may be subject to new adjustments. 

Last update: February 4, 2021

Note: .PT WHOIS Policy was available for comments and suggestions between April 10 and 26, 2018.
All the questions and suggestions that were transcribed below were sent to .PT during the period in which the consultation for the new WHOIS Policy was open to the public and were object of answers that are also reproduced here. .PT thanks everyone who participated.