ICANN Appeals Latest Decision of German Courts to Ban it Collecting Private Information

August 30, 2018


ICANN has pleaded the most recent decision made versus it in the Appellate Court of Cologne. The organization has contended that the German legal body has made an error in ruling that they had not “adequately explained,” nor given a “reliable reason” for requesting a restriction against German domain registrar, EPAG.

This is the third successive time that ICANN has been unsuccessful in a legal attempt to compel EPAG to collect additional private information on anybody that registers a domain name. EPAG asserts that this requirement is in violation to GDPR secrecy law and, therefore, thinks that it would be breaking the EU law by completing this action.

ICANN contradicts this, asserting that the law insists is vague and therefore EPAG has to keep asking for and saving the information if it desires to carry on acting like a seller for internet addresses.

ICANN’s lawful campaign is an effort to take ownership of its authority over agreements that govern the sale and registering of internet addresses. Nevertheless, its method, attitude and growing string of failures aren’t achieving this goal. ICANN didn’t use the allotted time to modify its agreements in preparation for GDPR. Because of this, the business asked EU data watchdogs for an additional one-year exclusion from the law in spite of there being no precedence for the granting of such a request.

In a further attempt to achieve compliance with the new GDPR condition, ICANN has requested time to create a suggestion for a possible united access model to the Whois system. The group is presently looking for feedback on the suggested changes to let them carry on running the Whois system, domain name registries and registrars should provide public access to information on registrants, including their names and addresses.

The suggestion is seeking to make certain “whether it’s possible to develop an automated and unified approach across all GTLD registrars and registry operators in a way consistent with the GDPR, including the responsibilities placed on data controllers”. ICANN issued the news via its website on Monday, August 20.

The new suggestion is not planned to substitute ICANN’s temporary specification for GTLD registration data which was accepted on May 25, the same day GDPR was launched. The provisional description meant that non-public Whois data access is possible for those with valid reasons. Nevertheless, ICANN has disclosed that registry operators have “differing approaches to meeting that requirement”.

This was put in place in May about the same time that ICANN made contact with the EDPB (European Data Protection Board) to seek explanation on its responsibilities under GDPR. The EDPB responded by asking ICANN to implement additional measures to become compliant with the new legislation.

The Centre for IT & IP Law at the University of Leuven (KU Leuven) issued a paper on the case which decided that the ICANN case against the EPAG is more ‘than a mere secrecy compliance issue’. It relates to the way we see the internet, its governance and its architectural security’.