Skip to main content

German Court Rules on ICANN Request to Preserve WHOIS Data

LOS ANGELES – 30 May 2018 – The Internet Corporation for Assigned Names and Numbers ("ICANN") today announced that a German regional court (LG Bonn) has issued a decision on the injunction proceedings ICANN initiated against EPAG, a Germany-based, ICANN-accredited registrar that is part of the Tucows Group. The Court has determined that it would not issue an injunction against EPAG.

Last Friday, ICANN filed the matter with the German regional court which ruled today, seeking assistance in interpreting the European Union's General Data Protection Regulation (GDPR) in order to protect the data collected in WHOIS.

In particular, ICANN requested a clarification from the Court about whether EPAG should be obligated to continue to collect administrative and technical contact information for new domain name registrations, as it is required to do under its Registrar Accreditation Agreement with ICANN. EPAG originally had indicated that it would delete the contact information, but had withdrawn its intentions to do so after engaging in dialogue with ICANN.

ICANN asked the Court to intervene after learning that EPAG no longer intended to collect such data, citing the GDPR law implementation as its rationale. ICANN had long required full WHOIS data to be collected, and was requiring registrars such as EPAG to continue to collect the data after the GDPR went into full effect. ICANN modified its requirements surrounding how others could access this data, limiting access only to those who could demonstrate a legitimate purpose (such as in cases of criminal activity, intellectual property infringement or Internet Security problems). Assessing and identifying a legitimate purpose is a requirement identified in the GDPR.

In rejecting the injunctive relief, the Court ruled that it would not require EPAG to collect the adminsitrative and technical data for new registrations. However, the Court did not indicate in its ruling that collecting such data would be a violation of the GDPR. Rather, the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse the security aspects in connection with the domain name (such as criminal activity, infringement or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

"While ICANN appreciates the prompt attention the Court paid to this matter, the Court's ruling today did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings," said John Jeffrey, ICANN's General Counsel and Secretary. "ICANN is continuing to pursue the ongoing discussions with the European Commission, and WP29, to gain further clarification of the GDPR as it relates to the integrity of WHOIS services."

About ICANN

ICANN's mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.


More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."