Domain name overseer hopes to get clarification about data collection for domain name registrations.
ICANN has filed injunction (PDF) proceedings against EPAG, a domain name registrar owned by Tucows (NASDAQ:TCX), in a challenge meant to get clarity on the European Union’s General Data Protection Regulation (GDPR). EPAG is a German registrar that Tucows acquired in 2011.
While many registrars have stopped publishing personal information in Whois, EPAG has told ICANN that it will no longer collect administrative and technical contact details because it believes doing so will violate GDPR.
ICANN’s recent temporary specification for Whois states that accredited registrars must continue to collect the information even though they aren’t required to display it publicly in Whois.
In a release, ICANN stated:
“We are filing an action in Germany to protect the collection of WHOIS data and to seek further clarification that ICANN may continue to require its collection. It is ICANN’s public interest role to coordinate a decentralized global WHOIS for the generic top-level domain system. ICANN contractually requires the collection of data by over 2,500 registrars and registries who help ICANN maintain that global information resource,” said John Jeffrey, ICANN’s General Counsel and Secretary. “We appreciate that EPAG shared their plans with us when they did, so that we could move quickly to ask the German court for clarity on this important issue. We also appreciate that EPAG has agreed that it will not permanently delete WHOIS data collected, except as consistent with ICANN policy.”
If EPAG’s actions stand, those with legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information may no longer be able to access full WHOIS records.
It seems that ICANN is using this as a test case, perhaps with a wink and a nod from EPAG as all parties seek to get a better understanding of how GDPR should be interpreted.