Can having a WordPress site cancel your right to privacy?

According to the UK’s domain registry, Nominet, it damn well can.

As I discussed at WordCamp Manchester, a disturbing story has appeared in recent weeks concerning a political blogger. He bought a .co.uk domain in 2012 to use on his self-hosted WordPress.org install where he blogs on politics and privacy issues. He used the opt-out to withhold his postal address from WHOIS searches. WHOIS opt-out has traditionally been applicable to personal, non-commercial projects only, although it has been poorly upheld – until now.

Recently Nominet contacted the blogger to say that they would be removing his domain from the opt-out because he was using the blog it is attached to for commercial purposes. It emerged that they felt his Amazon affiliate widget made his site commercial, as he was using it to make money. He dragged the widget away and confirmed its removal to then. They then came back to him and said:

“This domain has a subscribe list, which gathers personal information from visitors to the site.”

And that, somehow, makes his blog a commercial site which exempts him from WHOIS. He wrote back to Nominet to say

“The subscribe module is a standard part of the wordpress install. The personal information is ‘email address’. In fact, less information is
obtained/retained than using a comments system.”

For many other reasons, both parties are now at stalemate.

This Guardian article summarises the whole case and links to his blog posts where he explains the issue in detail.

Regardless of the issues he raises in his blog and the tactics – some highly disagreeable – he is using to state his case, this case sets a dangerous precedent. If a built-in bog-standard WordPress feature like an email signup box makes a site “commercial”, people who do need to maintain privacy risk having their cover blown over legal hair-splitting. Let’s say that an anonymous corporate whistleblower, having been fired, was using a “Donate Here” link on his whistleblowing blog to keep food in his family’s mouths. In a matter of moments, Nominet could ruin everything over a widget. Then there are undercover journalists, political activists, the next Snowden…

Let’s all keep an eye on this case.

Apropos of nothing, I have received several emails from Nominet in recent weeks seeking to verify various clients’ domain registration details. Several members of my audience at WordCamp reported the same. Nominet are clearly reviewing massive swathes of customer accounts with a view to reclassifying many of them. If you have any .uk (co.uk, .ltd.uk, .me.uk, .net.uk, .nic.uk, .org.uk, .plc.uk, .sch.uk, .cymru, or .wales) domains, take a minute to review your registration information and make sure it is all up to date and filed in the right category.

About the author
Heather Burns is a digital law specialist in Glasgow, Scotland. She researches, writes, publishes, consults, and speaks extensively on internet laws and policies which affect the crafts of web design and development. She has been designing and developing web sites since 1997 and has been a professional web site designer since 2007. She holds a postgraduate certification in internet law and policy from the University of Strathclyde. Learn about hiring Heather to write, speak, or consult.