ICANN Appeals German Courts Ruling to Stop it Gathering Personal Data

ICANN has appealed the latest decision made against it in the Appellate Court of Cologne. The group has argued that the German legal body has made an error decreeing that they had not “sufficiently explained” nor provided a “credible reason” for asking for an injunction against German domain registrar, EPAG.

This is the third time that ICANN has failed in a judicial attempt to force EPAG to obtain additional personal information on anyone that registers a domain name. EPAG argues that this requirement is in contravention to GDPR privacy legislation and, hence, believes that it would be in contravention of European Union law by doing so.

ICANN claims that the legislation is vague and so EPAG has to keep requesting and saving the information if it wishes to go on acting as a vendor for internet addresses.

ICANN’s legal campaign is an effort to take ownership of its authority over contracts that control the sale and registration of internet addresses. However, its tactics, attitude and increasing string of failures is not achieving this objective. ICANN did not act within the allocated time to amend its contracts in preparation for GDPR. Due to this the group asked EU data regulators for and additional one-year exemption from the law despite there being no precedence for the allowing this to happen.

In an additional effort to achieve compliance with the new GDPR requirement, ICANN has asked for more time to develop a proposal for a possible unified access model to the Whois system. The group is currently looking for feedback on the proposed amendments to permit them to continue running the Whois system, domain name registries and registrars must supply public access to information on registrants, including their names and addresses.

The proposal is hoping to ascertain “whether it is possible to develop an automated and unified approach across all gTLD registrars and registry operators in a manner consistent with the GDPR, including the obligations placed on data controllers”. ICANN published the news via its website on Monday, August 20. Click here to see more.

The new proposal would not replace ICANN’s temporary specification for gTLD registration data which was passed on May 25, the same day GDPR was introduced. The temporary specification meant that non-public Whois data access can happen for those with legitimate reasons. However, ICANN have said that registry operators have “differing approaches to meeting that requirement”.