AdGuard DNS has become one of the early adopters of European Resolver Policy

We are proud to announce that AdGuard DNS has adopted European Resolver Policy! Let's figure out what it is and why we decided to adopt it.

Defining the policy

European Resolver Policy is "an industry-led initiative that sets out best practice for the protection of personal data by DNS resolver operators in Europe". It has been jointly developed with contributions from tech and telecoms companies in Europe and North America, from civil society and regulatory authorities. But it would never appear without a reason.

The emergence and proliferation of new protocols such as DoH had its ramifications: some browsers started to change their security-critical behaviour without explaining the effects of such a step to users. What's more, software policies vary considerably in approach, and it has become extremely difficult for users to understand how their data is stored, processed, and used.

Mozilla's Trusted Recursive Resolver (TRR) program would be a prime example here. Once created, it has been used as an excuse to force a DNS server of Mozilla's choice upon their US users. This program was developed on the basis of US condition, that is, Internet providers collect a ton of user data and resell it, which is why Mozilla sees justification to ignore the Internet providers' own DNS servers.

In Europe, the pattern is different: there are laws that specifically protect personal data, and from the privacy viewpoint, the DNS server of an Internet provider is often as good as any TRR member. Unfortunately, not all people understand it. To stress that a DNS resolver respects GDPR and personal data, European Resolver Policy was created.

Those who have joined it commit to act in line with the MINIMAL requirements, e.g.:

ii. MUST publish their transparency and privacy policy so that it is publicly available and easily accessible at any time, including as part of a subject access request.

v. SHOULD NOT retain or transfer to any third party any personal data arising from the use of these services except where anonymised or aggregated data is necessary for cybersecurity, DNS analytics, reporting and research purposes.

See the full list of privacy requirements at the official website. These requirements are strict enough to guarantee a decent level of privacy and exclude the possibility of collecting personal data.

Adopting the policy

The policy aims mainly at ISPs and cloud-based resolver operators. If other organizations, such as software developers, industry regulators and legislators, accept it, they might encourage its further endorsement and adoption.

We at AdGuard strongly support this initiative and its central tenets and are happy to join it. In this context, we remind that we do not collect any logs. If you want to know more, read our privacy notice.

Liked this post?