The data elements that Tucows or the GDPR-compliant provider requires are collected and processed under the legal basis of a contract. However, for some TLDs and services, the provider requests additional pieces of data for which there is no legal contractual basis to process. When this is the case, we will ask the registrant for consent to share these additional pieces of data with the provider.
In most cases, even if the registrant should withhold or fail to provide consent, Tucows is still able to immediately register the domain by sending the registry a combination of the contractual data and placeholders for any data elements that can only be processed with consent. We refer to such services as “synchronous”—they can be registered right away, without the use of additional personal data beyond that which is covered in the contract.
For some TLDs, however, placeholder data will not be accepted by the registry, and because we don’t have assurance from the registry that the data will only be used in ways that conform with modern data privacy regulations such as the GDPR, Tucows cannot in good conscience provide the actual data to the registry without the registrant’s consent. We refer to these types of services as “asynchronous” — because the service cannot be provided without sharing certain pieces of the registrant’s personal data with the service provider, and there is no GDPR-compliant contract to protect the data, we need the registrant’s permission to share it before we proceed. This permission must be provided in the form of affirmative consent.