GDPR: German court refuses to issue ICANN injunction over Whois

A German court has refused to issue an injunction requested by ICANN, with the organisation claiming the court failed to provide clarity surrounding the EU’s new General Data Protection Regulation (GDPR).

On May 25, the same day that the new regulation came into force, ICANN filed injunction proceedings against domain name registrar EPAG in an attempt to clarify how the regulation should be interpreted.

ICANN filed its injunction in Bonn, Germany, where EPAG, part of the Tucows Group, is based. The proceedings were filed in an effort to ensure that data collected for the Whois system is protected in accordance with the GDPR.

On May 30, ICANN announced that the court will not issue an injunction against EPAG.

ICANN requested that the court clarify whether EPAG should be required to continue to collect administrative and technical contact information for new domain name registrations following the introduction of the GDPR.

EPAG, which is required to collect information under its Registrar Accreditation Agreement with ICANN, had indicated it would delete the contact information, but ICANN claimed that the registrar withdrew its intentions to do so.

ICANN sought intervention from the court when EPAG said that it no longer intended to collect the data, citing the new GDPR law as its reasoning.

The organisation requires full Whois data to be collected, and ordered registrars, including EPAG, to continue to collect the data after the GDPR came into effect.

“While ICANN appreciated the prompt attention the court paid to this matter, the court’s ruling did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings,” commented John Jeffrey, ICANN’s general counsel and secretary.

According to ICANN, the court ruled that it would not require EPAG to collect the administrative and technical data for new registrations, but did not indicate whether collecting such data would be a violation of the GDPR.

The court said that because a registrant can provide the same data elements for that registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional information for these contacts.