There is a great number of good reasons why a website is run by someone else than the holder of the domain name through which the site can be accessed. Most of these reasons not only make perfect sense, but are also entirely lawful. Some of them, however, may also cause problems.
Legal notice: A statutory requirement to provide transparency and accountability when targeting an audience in Germany
No matter if via a website or a social media profile, via online platforms such as marketplaces, or via a blog: Anyone who makes content publicly available on the internet is legally responsible for it, regardless whether such content is a private or commercial offering.
To ensure that it is always transparent and clear who is running certain ‘commercial digital services’, legislation in Germany requires the providers of such services to identify themselves via a legally compliant legal notice commonly referred to as ‘Impressum‘.
Limited reliability: Cross-checking legal notice data against domain holder data
Raising consumer awareness and digital literacy online is the aim of a wide range of organisations, from media oversight authorities through consumer protection associations to police crime prevention units. All these regularly advise users not to trust unfamiliar online services blindly, but to check them carefully before ordering any goods or submitting one’s personal data. This includes verifying whether a legal notice exists on a website and whether the information it contains is both complete and correct, and at the same time does not falsely claim to be a third party by fraudulently impersonating their identity.
Additionally, these same organisations often advise users to cross-check the details given in the legal notice with regard to the website‘s operator against the holder data stored by the relevant top-level domain registry (such as DENIC) for the domain name pointing to the website in question. However, under current data protection rules, in Germany, making personal data publicly available is prohibited. This means that online information services such as the DENIC whois lookup service are merely allowed to disclose the registration details of legal entities (including companies, institutions or other organisations), but not those of private individuals who have registered a domain name.
Moreover, apart from the fact that the options of cross-checking legal notice data versus certain domain registration data are restricted by law, it is also of little practical use.
What if domain holder data differ from legal notice data? No need to worry right away
But let’s assume that a domain holder‘s details are publicly available via the whois lookup (as is the case with legal entities): Will cross-checking these data against the operator details that are contained in the legal notice of a website pointing to this particular domain name, not automatically result in a clear notion of how trustworthy the online service in question is? Definitely not.
Even if the data do not match, this is not necessarily evidence of a lack of credibility on the part of the website.
After all this is because, contrary to what is often mistakenly assumed, there is no obligation for domain holders and website operators to be identical persons. Depending on the specific situation, there may be sound and legitimate reasons why they are not – while still being reputable.
Website operators and domain holders: Why they don’t have to be identical
Domain holders are individuals or organisations that have acquired a contractual right to use a specific domain name and can therefore use it freely as they see fit. This means that a holder may choose to use the domain name themselves, by running under it a website displaying content of their own choosing, and/or by sending and receiving emails. However, they may also allow a third party to use the domain for such purposes (i. e. let it out), or even transfer it to another party altogether (i. e. sell it).
Website operators, in turn, link a specific domain name to a website and use it to provide content for which they are responsible. A website‘s operator may be the domain holder themselves, but may also be another individual or organisation to whom the holder has granted the use of the domain name, or whom they may have commissioned to operate a website under the domain name in question.
Pros and cons: Combining the roles of domain holder and website operator
But when, for example, might it make sense for a domain holder and website operator to be different persons? And when might it not?
A common scenario is that domain names used by public sector institutions are frequently registered not in the name of a particular institution, but instead in the name of a technical service provider who, as a corporation established under public law, acts on behalf of various administrative authorities, and is responsible for the technical operation and security of parts or the entirety of the public administration’s digital ecosystem. This way a website’s legal notice may well identify a certain federal ministry in Berlin to operate the site, while the domain name pointing to it may at the same time – and without this giving rise to any legal issues – be registered by a service provider under public law sited, say, in Bavaria, who technically manages the ministry website to make sure that it is always up and running or that any user interfaces – such as online application forms or other dialogue features – function reliably at all times.
Another real-world example is that of sports associations‘ merchandising activities. While registering domains in their own name, they frequently outsource the processing of transactions via online shops linked to these domains and selling merch, to subsidiaries or third-party service providers operating under a different name. Obviously, in such cases it is the service provider commissioned to run the online shop who – quite often based at a different postal address – is identified in the legal notice section of the relevant website as its responsible operator.
However, under certain circumstances, domain holder and website operator being different persons may also become an issue: If, for example, a domain name is registered by a third party and that third party, without the knowledge or consent of another party, creates a website in that party’s name in bad faith, this may not only mislead visitors to the website in question, but also get the alleged website operator into serious trouble. For instance, if legal offences are committed via the website for which they are then to be held liable because their name appears in the legal notice.
KEY TAKEAWAYS
Information contained in a website’s legal notice and domain registration data serve different purposes.
There is plenty of sound and legitimate reasons why, in certain cases, domain holder and website operator are not identical persons.
Cross-checking whether a website’s legal notice information regarding its operator matches the holder data of a domain name pointing to that website is just one of many aspects that may be taken into account when judging such website’s credibility. By no means should a holder/operator consistency check be the sole basis to assess whether to trust a site or not.
