The Only Specialized Global Intellectual Property News Agency
A Member of Talal Abu-Ghazaleh Global

ICANN Files Legal Action in Germany to Preserve WHOIS Data

28-May-2018 | Source : ICANN | Visits : 6560
LOS ANGELES - The Internet Corporation for Assigned Names and Numbers (ICANN) announced in a press release that it has filed injunction proceedings against EPAG, a Germany-based, ICANN-accredited registrar that is part of the Tucows Group. ICANN has taken this step to ask the court for assistance in interpreting the European Union's General Data Protection Regulation (GDPR) in order to protect the data collected in WHOIS. ICANN's "one-sided filing" in Bonn, Germany, seeks a court ruling to ensure the continued collection of all WHOIS data, so that such data remains available to parties demonstrating legitimate purpose to access it, consistent with the GDPR.

EPAG recently informed ICANN that when it sells new domain name registrations it would no longer collect administrative and technical contact information, as it believes collection of that data would violate the GDPR rules. ICANN requires that information to be collected, via its contract with EPAG which authorizes it to sell generic top-level domain name registrations. ICANN recently adopted a new Temporary Specification regarding how WHOIS data should be collected and which parts may be published, which ICANN believes is consistent with the GDPR.

"We are filing an action in Germany to protect the collection of WHOIS data and to seek further clarification that ICANN may continue to require its collection. It is ICANN's public interest role to coordinate a decentralized global WHOIS for the generic top-level domain system. ICANN contractually requires the collection of data by over 2,500 registrars and registries who help ICANN maintain that global information resource," said John Jeffrey, ICANN's General Counsel and Secretary. "We appreciate that EPAG shared their plans with us when they did, so that we could move quickly to ask the German court for clarity on this important issue. We also appreciate that EPAG has agreed that it will not permanently delete WHOIS data collected, except as consistent with ICANN policy."

If EPAG's actions stand, those with legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information may no longer be able to access full WHOIS records.

ICANN does not seek to require its contracted parties to violate the law. EPAG's position has identified a disagreement with ICANN and others as to how the GDPR should be interpreted. This lawsuit seeks to clarify that difference in interpretation. In its 17 May 2018 adoption of the Temporary Specification for gTLD Registration Data, the ICANN Board noted that the global public interest is served by the implementation of a unified policy governing aspects of gTLD registration data when the GDPR goes into effect.

"The ICANN org is committed to enforcing our contracts to the fullest extent the law allows and preserving the integrity of the WHOIS system," said ICANN President and CEO Göran Marby.

The Temporary Specification still requires gTLD registry operators and registrars to collect all registration data. If you submit a WHOIS query for a registration subject to the GDPR, you will only receive "thin" data in return, which includes technical data sufficient to identify the sponsoring registrar, status of the registration, and creation and expiration dates for each registration, but not personal data. Additionally, you will have access to an anonymized email address or a web form to facilitate email communication with the relevant contact for that registration. If you are a third party with legitimate interests in gaining access to the non-public data held by the gTLD registry operator or registrar, there are still ways for you to access that data. You can look up the sponsoring registrar and contact them, and they are obligated to respond to you in a reasonable time.

Related Articles