I'm pretty sure this goes against European (or at least Dutch) privacy laws because it's not just company domains being searched. There isn't any privacy-overriding reason to keep a database with this kind of identifying information. Since these laws are currently barely enforced, nothing will happen of course.
More info in Dutch: https://blog.iusmentis.com/2017/11/08/internationale-domeinb...