6. Policies & rules of disclosure

There are some built-in policies and rules concerning contact information disclosure to third-party entities, which include the public.

The contact information that is subject to the data collection policy and disclosure policy entails these contact attributes: name, organization, address (<addr/>), telephone (<voice/>), fax (<fax/>), email (<email/>), vat (<vat/>), identity document (<ident/>), notify email (<notifyEmail/>).

Clients (registrars) are not considered third-party entities in the FRED, and they deal with the information under terms of a contract with the Registry operator.

The policies comply with GDPR and they are currently hard-coded.

6.1. Data collection policy

This policy is expressed in the greeting from the EPP server, in the element <dcp> (data collection policy); hide is expressed as <access><none/></access> and can be checked e.g. by examining that the xpath /epp/greeting/dcp/access/none is an existing node.

This says that the policy of the server is to disclose none of the data collected over EPP to third-party entities. However, this policy has exceptions arising from the disclosure policy of the server and individual disclosure preferences of each contact.

6.2. Server disclosure policy

The server disclosure policy defines the default disclosure preference (flag) for each attribute and also says which attribute’s disclosure preference is adjustable by contacts.

The server’s default disclosure preference is to hide all personal information except name and organization, which are always visible, and address, which is forced visible on creation, but is hidden later when certain conditions are met (see Hiding address). Visibility of other contact attributes can be adjusted on demand as explained in Contact disclosure preference.

Summary – Server disclosure policy
Attributes name organization address telephone fax email vat identity notifyemail
Default flags (contact:create) show show show hide hide hide hide hide hide
Nature fixed fixed adjustable * adjustable adjustable adjustable adjustable adjustable adjustable

Server disclosure preference also means, that responses to contact:info use flag="1" to describe contact disclosure preference, i.e. which attributes are shown as opposed to the server’s default disclosure preference.

6.3. Contact disclosure preference

The contact disclosure preference expresses an opposite of the server disclosure preference where it is allowed by the policy to be adjusted. With the server disclosure preference to hide data, the contact disclosure preference represents consent to disclose a piece of personal information.

To set or view disclosure preference, the <contact:disclose> element is used. Its syntax is described in the reference of each command:

  • viewing disclosure preference with contact:info;
  • setting disclosure preference with contact:create is allowed for the attributes:
    telephone (<voice/>), fax (<fax/>), email (<email/>), vat (<vat/>), identity document (<ident/>), notify email (<notifyEmail/>);
  • setting disclosure preference with contact:update is allowed for the attributes:
    address (<addr/>), telephone (<voice/>), fax (<fax/>), email (<email/>), vat (<vat/>), identity document (<ident/>), notify email (<notifyEmail/>).

Disclosure preference for name and organization cannot be adjusted, therefore they are never listed in requests nor responses.

If the contact does not satisfy the conditions for hiding address, then <addr/> must be listed in update requests that are based on flag="1".

See also the examples at the end of this chapter.

6.4. Hiding address

When a new contact is being created, the contact disclosure preference for address cannot be requested and the server uses its default disclosure preference, which is to show address.

Once the contact [1] is verified (gets the status flag identifiedContact or validatedContact), the server changes the disclosure preference for address to “hide” automatically and notifies the client (the designated registrar) about this change in a poll message. At this point, the contact is allowed to change it.

When the contact [1] loses verification, the server changes the disclosure preference for address back to “show” automatically and notifies the client (the designated registrar) about this change in a poll message. At this point, the contact cannot change it.

When the contact [1] regains verification, the same thing happens as if it has gained it for the first time, see above. The previous contact disclosure preference for address is ignored and overwritten.

[1](1, 2, 3) This works only for contacts of natural persons, i.e. contacts that have the attribute organization without a value.

Note

The <addr/> disclose flag affects disclosure of all addresses in a contact.

6.5. Examples of behaviour

6.5.1. contact:create command

6.5.1.1. Request – without the element <contact:disclose>

The EPP request does not contain <contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
</contact:disclose>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show show hide hide hide hide hide hide

6.5.1.2. Requests to show listed attributes – <contact:disclose flag="1">

6.5.1.2.1. Request – empty element <contact:disclose>

The EPP request contains:

<contact:disclose flag="1">
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
</contact:disclose>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show show hide hide hide hide hide hide
6.5.1.2.2. Request – show all you can

The EPP request contains:

<contact:disclose flag="1">
  <contact:voice/>
  <contact:fax/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:voice/>
  <contact:fax/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show show show show show show show show
6.5.1.2.3. Request – show a specified subset

The EPP request contains:

<contact:disclose flag="1">
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
</contact:disclose>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show show hide hide show show show hide

6.5.1.3. Requests to hide listed attributes – <contact:disclose flag="0">

These requests don’t make sense when the policy is to hide; it always results in a contact having all disclosure settings set to hide except for address which can’t be set in the operation create and is set to show.

name organization address telephone fax email vat ident notifyemail
show show show hide hide hide hide hide hide

6.5.2. contact:update command

6.5.2.1. Request – without the element <contact:disclose>

Contact disclosure settings before the request:

name organization address telephone fax email vat ident notifyemail
show show show hide hide hide hide hide show

The EPP request does not contain <contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
</contact:disclose>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show show hide hide hide hide hide show

6.5.2.2. Requests to show listed attributes – <contact:disclose flag="1">

The result depends on the contact, whether it satisfies conditions for hiding address and the element <addr/> is listed in the request.

Element <addr/> listed in the request Contact satisfies conditions for hiding address Result
NO NO code=2304 msg=Object status prohibits operation
NO YES code=1000 msg=Command completed successfully
YES NO code=1000 msg=Command completed successfully
YES YES code=1000 msg=Command completed successfully
6.5.2.2.1. Request – empty element <contact:disclose> – contact does NOT satisfy conditions for hiding address

The EPP request contains:

<contact:disclose flag="1">
</contact:disclose>

The request results in an error:

<result code="2304">
   <msg>Object status prohibits operation</msg>
</result>
6.5.2.2.2. Request – empty element <contact:disclose> – contact DOES satisfy conditions for hiding address

Contact disclosure settings before the request:

name organization address telephone fax email vat ident notifyemail
show show show show show hide hide hide hide

The EPP request contains:

<contact:disclose flag="1">
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1"/>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show hide hide hide hide hide hide hide
6.5.2.2.3. Request – show all you can

Contact disclosure settings before the request:

name organization address telephone fax email vat ident notifyemail
show show show show show hide hide hide hide

The EPP request contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:voice/>
  <contact:fax/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:voice/>
  <contact:fax/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show show show show show show show show
6.5.2.2.4. Request – show a specified subset – contact does NOT satisfy conditions for hiding address (and <addr/> is NOT listed)

The EPP request contains:

<contact:disclose flag="1">
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

The request results in an error:

<result code="2304">
   <msg>Object status prohibits operation</msg>
</result>
6.5.2.2.5. Request – show a specified subset – contact does NOT satisfy conditions for hiding address (and <addr/> IS listed)

Contact disclosure settings before the request:

name organization address telephone fax email vat ident notifyemail
show show show hide show hide hide show show

The EPP request contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show show hide hide show show show show
6.5.2.2.6. Request – show a specified subset – contact DOES satisfy conditions for hiding address

Contact disclosure settings before the request:

name organization address telephone fax email vat ident notifyemail
show show show hide show hide hide show show

The EPP request contains:

<contact:disclose flag="1">
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name organization address telephone fax email vat ident notifyemail
show show hide hide hide show show show show

6.5.2.3. Requests to hide listed attributes – <contact:disclose flag="0">

These requests don’t make sense when the policy is to hide; it results in:

  • an error if the contact does not satisfy conditions for hiding address:

    <result code="2304">
      <msg>Object status prohibits operation</msg>
    </result>
    
  • otherwise, all disclosure settings being set to hide:

    name organization address telephone fax email vat ident notifyemail
    show show hide hide hide hide hide hide hide