ICANN appeals German court’s decision over WHOIS and the GDPR
In May 2018, just a few days after the entry into force of the EU General Data Protection Regulation (GDPR), a court in Bonn, Germany, dismissed a case filed by the Internet Corporation for Assigned Names and Numbers (ICANN) against Germany-based domain name registrar EPAG, over the registrar’s decision to stop collecting administrative and technical contact information when domain names are registered. ICANN has now appealed the decision to the Higher Regional Court of Cologne, announcing that its action is part of its ‘public interest role in coordinating a decentralised global WHOIS for the generic top-level domain system’. The organisation is also asking the Higher Regional Court to refer the issues brought to its attention to the Court of Justice of the European Union if the court ‘does not agree with ICANN or is not clear about the scope of the GDPR’. In explaining its appeal, ICANN noted that it ‘appreciates and understands the dilemma of EPAG in trying to interpret the GDPR rules against the WHOIS requirements, but if EPAG’s actions stand, those with legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information may no longer be able to access full WHOIS records’.