Logic dictates that most GDPR-related litigation would seek to stop collection of personal data. But ICANN filed an action last Friday demanding that EPAG Domain Services gmbH collect names, email addresses and other information under its contract as an ICANN-accredited domain registrar.
In a motion filed with the Regional Court of Bonn, ICANN asks or a preliminary injunction requiring that EPAG, a Tucows-owned registrar based in Bonn, Germany stop registering second-level domain names without collecting the name, postal address, email address, voice telephone number, and other data for the domain names.
ICANN is a nonprofit corporation that facilitates the operation of generic top- and second-level domains.
According to the legal papers, Tucows feels that it “can no longer legally collect information on the technical contact and administrative contact as part of the customer data it gathers and is required to gather under its contract.”
But ICANN argues that “access to this data is required for the stable and secure operation of the domain name system, as well as a way to identify those customers that may be causing technical problems and legal issues with the domain names and/or their content.”
It concludes that GDPR provisions do not prevent the Defendant from collecting these data elements.
Tucows responded on Monday that it crafted its procedures based on the GDPR, and that ICANN wants it to “collect and share information we don’t need,” and where “we may not have a legal basis to do so.”
The firm adds, “ICANN and Tucows disagree on how the GDPR impacts our contract.”
ICANN argues, on the other hand, that it has created a "unified interim model to ensure a common framework for registration data directory services, or 'WHOIS' data, that would not violate the GDPR."