Michele,
One leading (US-based) registrar informed me that even though they could be more granular if they wished to, they wanted to just extend the identical (i.e., GDPR-level) protections to all registrants globally simply due to "cost-benefit analysis" -- that it was more convenient for them and less work. I personally do not consider that a valid justification, standing alone. I do not wish any registrar to incur unreasonable costs, but a registrar's profit margin goals should not drive policy.
I believe that was mostly in the context of legal/natural persons. While GDPR clearly doesn't apply to a legal person name/location/phone/role-account-email, manually reviewing data to assert that goes beyond reasonable in cost-benefit for a system that is fully automated today. Answering questions like the ones below requires such manual review:
- Is the registrant name of a legal person?
- Is the registrant name of a legal person when a user informed registration by a legal person but incorrectly put his name as registrant?
- Is the location of the business the residence of the owner?
- Is the e-mail address a role-account e-mail like legal@company or a personally identifiable e-mail like johnhorton@legitscript?
- Is the phone number the main line of the company, an unpublished extension number or a mobile number?
Is manually reviewing all registrations a reasonable cost in your opinion?
Rubens