Every domain registrar in 2026 brags about “free WHOIS privacy” like they’re handing you a gift. They’re not. GDPR forced the redaction in 2018. The registrar was going to hide your name from the public WHOIS database whether you paid for it or not, because doing otherwise would have cost them more in lawsuits than the £10/year add-on ever earned.
The actual question to ask a registrar isn’t “do you offer free WHOIS privacy?” — they all do or they don’t matter. The question is: do they still charge for it, and if so, what does that tell you about the rest of their pricing?
What happened in 2018
The EU’s General Data Protection Regulation came into effect on 25 May 2018. GDPR prohibits the public disclosure of personal data without a lawful basis. For EU registrants, publishing name, home address, email address, and phone number in a globally accessible database had no lawful basis under GDPR.
ICANN — the governing body for the domain name system — scrambled. The WHOIS protocol was built in 1982 on the assumption that the internet was a small academic network and privacy wasn’t a design constraint. By 2018 it was a public database being scraped by spammers, data brokers, and bad actors.
ICANN’s response: issue a Temporary Specification in May 2018 requiring registrars to redact personal data from public WHOIS for registrants invoking GDPR protection. In practice, most registrars extended the redaction to all registrants globally — simpler to implement, and they couldn’t selectively expose non-EU users without legal risk in the EU anyway.
What this means for “free WHOIS privacy”
Before 2018, WHOIS privacy protection was a genuine product. Registrars built proxy services that would substitute their contact details for yours. GoDaddy charged £9.99/yr. Namecheap charged a smaller amount. Network Solutions charged more. It was a real upsell with real revenue.
After 2018, the legal basis for publicly displaying your personal data disappeared for the majority of registrants. The registrar was going to protect your data whether you paid or not — because not protecting it created legal exposure.
The “free WHOIS privacy” announcement every registrar made in 2019–2021 wasn’t generosity. It was capitulation to a regulatory reality. They were removing a product that had become indefensible.
Who still charges for it
GoDaddy still lists “Ultimate Domain Protection & Security” at $9.99/yr. Network Solutions has a similar product. Both frame it as a premium offering.
What you’re buying, in 2026, when you pay for WHOIS privacy at GoDaddy:
- The redaction of your data that GDPR already required (the regulatory floor)
- Some additional security features (domain monitoring, “Domain Lock” notifications) that may or may not be valuable to you
The baseline — the privacy protection itself — is a legal obligation, not a service. You’re paying for the wrapper, not the product.
What it tells you about the rest of their pricing
A registrar that charges for WHOIS privacy in 2026 has made a choice: to continue selling a regulatory minimum as a premium feature. This choice is not made out of necessity (every other major registrar gives it free), it’s made because some users will pay.
If the pricing philosophy at checkout is “sell the user everything they’ll pay for, regardless of whether it adds value”, that philosophy applies to every other product line too. Look at GoDaddy’s .com renewal price ($21.99), their hosting upsells, their website builder lock-in. The WHOIS privacy charge is the canary.
The screenshot test
Before registering a domain anywhere, do this: add a domain to the cart, proceed to checkout, and screenshot the page. Count the number of add-ons pre-checked. If WHOIS privacy is pre-checked at a cost, close the tab.
Registrars that respect your wallet: Cloudflare (free, automatic), Porkbun (free, automatic), Namecheap (free, must enable WhoisGuard in settings), Spaceship (free), Namesilo (free).
Registrars that charge: GoDaddy, Network Solutions, some legacy registrars.
The practical test
You don’t need to read GDPR case law to evaluate a registrar. One question is sufficient: does WHOIS privacy cost extra?
If yes: you’re dealing with a registrar whose pricing philosophy is to monetise regulatory minimums. Use that information accordingly.