German Court Says GDPR Outweighs ICANN Need For Domain Data

A German court has made short work of ICANN’s bid to force domain registrar EPAG to gather names, email addresses and other data on registrants, saying it is unfounded.

In an opinion issued on Wednesday — less than a week after the filing of ICANN’s motion — The Regional Court of Bonn said that collecting such data would violate the General Data Protection Regulation (GDPR).

While conceding that EPAG’s contract with ICANN requires that it gather such information, the court adds that the agreement that EPAG, “for its part, as registrar, must comply with applicable laws and regulations. "

Under GDPR, personal data may only be collected for “specified, explicit and legitimate purposes,” and must be “limited to what is necessary,” the court observes.

It adds that, based on the filings in the case, data beyond the domain holder’s name was “not previously necessary” to achieve ICANN’s purposes, and that registrants were not denied if they failed to provide it. 

advertisement

advertisement

The court continues that it is “unable to follow” the tying of “the so-called “WHOIS” system to international agreements on trademark registers” as a claim for relief. 

ICANN had filed a motion asking for a preliminary injunction requiring that EPAG, a Tucows-owned registrar based in Bonn, stop registering second-level domain names without collecting the name, postal address, email address, voice telephone number, and other data for the domain names.

ICANN is a nonprofit corporation that facilitates the operation of generic top- and second-level domains. 

1 comment about "German Court Says GDPR Outweighs ICANN Need For Domain Data".
Check to receive email when comments are posted.
  1. Dave Bowra from Campbell House, June 1, 2018 at 9:14 p.m.

    The Regional Court of Bonn said that collecting such data would violate the General Data Protection Regulation (GDPR).  Is this a case of the law making the world a less safe place.  Whois was a source of information on the registrant helping to identify fraudulent websites which we no longer have.  How can we check the registrant is not a fraudster, scam trader?  Is there not a case for legitimate interest? 

Next story loading loading..