Skip to main content

German Appellate Court Rules on ICANN Request to Preserve WHOIS Data

LOS ANGELES – 3 August 2018 – The Internet Corporation for Assigned Names and Numbers (“ICANN”) today announced that a German appeal court (Appellate Court of Cologne) has issued a decision on the injunction proceedings ICANN initiated against EPAG, a Germany-based, ICANN-accredited registrar that is part of the Tucows Group. The Appellate Court has determined that it would not issue an injunction against EPAG.

In making its ruling, the Appellate Court stated that the interpretation of provisions of the GDPR was not material to its decision, so there was no obligation to refer the matter to the European Court of Justice.

Rather, the Appellate Court simply found that it was not necessary for it to issue a preliminary injunction to avoid imminent and substantial disadvantages, and noted that ICANN could pursue its claims in the main proceedings in order to enforce the rights it asserts.

ICANN is considering its next steps, including possible additional filings before the German courts, as part of its public interest role in coordinating a decentralized global WHOIS for the generic top-level domain system and will provide additional information in the coming days.

Background

On 25 May 2018, ICANN filed the injunction proceedings against EPAG. ICANN asked the Regional Court in Bonn, Germany for assistance in interpreting the GDPR in an effort to protect the data collected in WHOIS. ICANN sought a court ruling to ensure the continued collection of all WHOIS data. The intent was to assure that all such data remains available to parties that demonstrate a legitimate purpose to access it, and to seek clarification that under the GDPR, ICANN may continue to require such collection.

ICANN filed the proceedings because EPAG had informed ICANN that as of 25 May 2018, it would no longer collect administrative and technical contact information when it sells new domain name registrations. EPAG believes collection of that particular data would violate the GDPR. ICANN's contract with EPAG requires that information to be collected.

EPAG is one of over 2,500 registrars and registries that help ICANN maintain the global information resource of the WHOIS system. ICANN is not seeking to have its contracted parties violate the law. Put simply, EPAG's position spotlights a disagreement with ICANN and others as to how the GDPR should be interpreted.

On 30 May 2018, the Regional Court determined that it would not issue an injunction against EPAG. In rejecting the injunctive relief, the Court ruled that it would not require EPAG to collect the administrative and technical data for new registrations. However, the Court did not indicate in its ruling that collecting such data would be a violation of the GDPR. Rather, the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse in connection with the domain name (such as criminal activity, infringement, or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

On 13 June 2018, ICANN appealed the Regional Court's ruling to the Higher Regional Court of Cologne, Germany, and again asked for an injunction that would require EPAG to reinstate the collection of all WHOIS data required under EPAG's Registrar Accreditation Agreement with ICANN.

On 21 June 2018, the Regional Court in Bonn, Germany, decided to revisit its ruling in the injunction proceedings, which it has the option to do upon receipt of an appeal.

On 18 July 2018, the Regional Court decided not to change its original determination not to issue an injunction against EPAG, and referred the matter to the Higher Regional Court in Cologne for the appeal.

In addition to the court proceedings, ICANN is continuing to pursue ongoing discussions with the European Commission and the European Data Protection Board to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.

About ICANN

ICANN's mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.


More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."