6. Policies & rules of disclosure

There are some built-in policies and rules concerning contact information disclosure to third-party entities, which include the public.

The contact information that is subject to the data collection policy and disclosure policy entails these contact attributes: name, organization, address (<addr/>), telephone (<voice/>), fax (<fax/>), email (<email/>), vat (<vat/>), identity document (<ident/>), notify email (<notifyEmail/>).

Clients (registrars) are not considered third-party entities in the FRED, and they deal with the information under terms of a contract with the Registry operator.

Changed in version 2.38: The policies are configurable. This chapter describes the default CZ-specific configuration that used to be hard-coded in version 2.37.

Note

The policies & rules of disclosure may be configured by the Registry operator differently.

The Registry operator is supposed to publish a document that declares the rules of registrar communication with the Registry, including a description of the policies & rules of disclosure.

If you are a CZ.NIC registrar, the following description applies to you.

6.1. Data collection policy

This policy is expressed in the greeting from the EPP server, in the element <dcp> (data collection policy); hide is expressed as <access><none/></access> and can be checked e.g. by examining that the xpath /epp/greeting/dcp/access/none is an existing node.

This says that the policy of the server is to disclose none of the data collected over EPP to third-party entities. However, this policy has exceptions arising from the disclosure policy of the server and individual disclosure preferences of each contact.

6.2. Server disclosure policy

The server disclosure policy defines the default disclosure preference (flag) for each attribute and also says which attribute’s disclosure preference is adjustable by contacts.

The server’s default disclosure preference is to hide all personal information except name and organization, which are always visible, and address, which is forced visible on creation, but is hidden later when certain conditions are met (see Hiding address). Visibility of other contact attributes can be adjusted on demand as explained in Contact disclosure preference.

Summary – Server disclosure policy

Attributes

name

organization

address

telephone

fax

email

vat

identity

notifyemail

Default flags (contact:create)

show

show

show

hide

hide

hide

hide

hide

hide

Nature

fixed

fixed

adjustable *

adjustable

adjustable

adjustable

adjustable

adjustable

adjustable

Server disclosure preference also means, that responses to contact:info use flag="1" to describe contact disclosure preference, i.e. which attributes are shown as opposed to the server’s default disclosure preference.

6.3. Contact disclosure preference

The contact disclosure preference expresses an opposite of the server disclosure preference where it is allowed by the policy to be adjusted. With the server disclosure preference to hide data, the contact disclosure preference represents consent to disclose a piece of personal information.

To set or view disclosure preference, the <contact:disclose> element is used. Its syntax is described in the reference of each command:

  • viewing disclosure preference with contact:info;

  • setting disclosure preference with contact:create is allowed for the attributes:
    telephone (<voice/>), fax (<fax/>), email (<email/>), vat (<vat/>), identity document (<ident/>), notify email (<notifyEmail/>);

  • setting disclosure preference with contact:update is allowed for the attributes:
    address (<addr/>), telephone (<voice/>), fax (<fax/>), email (<email/>), vat (<vat/>), identity document (<ident/>), notify email (<notifyEmail/>).

Disclosure preference for name and organization cannot be adjusted, therefore they are never listed in requests nor responses.

If the contact does not satisfy the conditions for hiding address, then <addr/> must be listed in update requests that are based on flag="1".

See also the examples at the end of this chapter.

6.4. Hiding address

When a new contact is being created, the contact disclosure preference for address cannot be requested and the server uses its default disclosure preference, which is to show address.

Once the contact [1] is verified (gets the status flag identifiedContact or validatedContact), the server changes the disclosure preference for address to “hide” automatically and notifies the client (the designated registrar) about this change in a poll message. At this point, the contact is allowed to change it.

When the contact [1] loses verification, the server changes the disclosure preference for address back to “show” automatically (the client is NOT notified about this change). At this point, the contact cannot change it.

When the contact [1] regains verification, the same thing happens as if it has gained it for the first time, see above. The previous contact disclosure preference for address is ignored and overwritten.

Note

The <addr/> disclose flag affects disclosure of all addresses in a contact.

6.5. Examples of behaviour

6.5.1. contact:create command

6.5.1.1. Request – without the element <contact:disclose>

The EPP request does not contain <contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
</contact:disclose>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

hide

hide

hide

hide

hide

6.5.1.2. Requests to show listed attributes – <contact:disclose flag="1">

6.5.1.2.1. Request – empty element <contact:disclose>

The EPP request contains:

<contact:disclose flag="1">
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
</contact:disclose>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

hide

hide

hide

hide

hide

6.5.1.2.2. Request – show all you can

The EPP request contains:

<contact:disclose flag="1">
  <contact:voice/>
  <contact:fax/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:voice/>
  <contact:fax/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

show

show

show

show

show

show

6.5.1.2.3. Request – show a specified subset

The EPP request contains:

<contact:disclose flag="1">
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
</contact:disclose>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

hide

show

show

show

hide

6.5.1.3. Requests to hide listed attributes – <contact:disclose flag="0">

These requests don’t make sense when the policy is to hide; it always results in a contact having all disclosure settings set to hide except for address which can’t be set in the operation create and is set to show.

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

hide

hide

hide

hide

hide

6.5.2. contact:update command

6.5.2.1. Request – without the element <contact:disclose>

Contact disclosure settings before the request:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

hide

hide

hide

hide

show

The EPP request does not contain <contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

hide

hide

hide

hide

show

6.5.2.2. Requests to show listed attributes – <contact:disclose flag="1">

The result depends on the contact, whether it satisfies conditions for hiding address and the element <addr/> is listed in the request.

Element <addr/> listed in the request

Contact satisfies conditions for hiding address

Result

NO

NO

code=2304 msg=Object status prohibits operation

NO

YES

code=1000 msg=Command completed successfully

YES

NO

code=1000 msg=Command completed successfully

YES

YES

code=1000 msg=Command completed successfully

6.5.2.2.1. Request – empty element <contact:disclose> – contact does NOT satisfy conditions for hiding address

The EPP request contains:

<contact:disclose flag="1">
</contact:disclose>

The request results in an error:

<result code="2304">
   <msg>Object status prohibits operation</msg>
</result>
6.5.2.2.2. Request – empty element <contact:disclose> – contact DOES satisfy conditions for hiding address

Contact disclosure settings before the request:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

show

show

hide

hide

hide

hide

The EPP request contains:

<contact:disclose flag="1">
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1"/>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

hide

hide

hide

hide

hide

hide

hide

6.5.2.2.3. Request – show all you can

Contact disclosure settings before the request:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

show

show

hide

hide

hide

hide

The EPP request contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:voice/>
  <contact:fax/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:voice/>
  <contact:fax/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

show

show

show

show

show

show

6.5.2.2.4. Request – show a specified subset – contact does NOT satisfy conditions for hiding address (and <addr/> is NOT listed)

The EPP request contains:

<contact:disclose flag="1">
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

The request results in an error:

<result code="2304">
   <msg>Object status prohibits operation</msg>
</result>
6.5.2.2.5. Request – show a specified subset – contact does NOT satisfy conditions for hiding address (and <addr/> IS listed)

Contact disclosure settings before the request:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

show

hide

hide

show

show

The EPP request contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:addr/>
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

hide

show

show

show

show

6.5.2.2.6. Request – show a specified subset – contact DOES satisfy conditions for hiding address

Contact disclosure settings before the request:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

show

hide

show

hide

hide

show

show

The EPP request contains:

<contact:disclose flag="1">
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Result – the response to contact:info contains:

<contact:disclose flag="1">
  <contact:email/>
  <contact:vat/>
  <contact:ident/>
  <contact:notifyEmail/>
</contact:disclose>

Interpretation of the result:

name

organization

address

telephone

fax

email

vat

ident

notifyemail

show

show

hide

hide

hide

show

show

show

show

6.5.2.3. Requests to hide listed attributes – <contact:disclose flag="0">

These requests don’t make sense when the policy is to hide; it results in:

  • an error if the contact does not satisfy conditions for hiding address:

    <result code="2304">
      <msg>Object status prohibits operation</msg>
    </result>
    
  • otherwise, all disclosure settings being set to hide:

    name

    organization

    address

    telephone

    fax

    email

    vat

    ident

    notifyemail

    show

    show

    hide

    hide

    hide

    hide

    hide

    hide

    hide