ICANN sues registrar over GDPR and WHOIS data

25 May 2018

[Update] The Regional Court in Bonn dismised the case, opining that the collection and storage of the data of the administrative and technical contacts for a domain name was not necessary, and that the collection of personal data of the domain name registrant was sufficient for purposes related to safeguarding against misuse of domain names​.

The Internet Corporation for Assigned Names and Numbers (ICANN) has filed a legal action against Germany-based domain name registrar EPAG, over the registrar's decision to stop collecting administrative and technical contact information when domain names are registered. While EPAG – an ICANN accredited registrar – is of the view that its decision is in line with the EU General Data Protection Regulation (GDPR), ICANN argues that the registrar is breaching its contract by not complying with the requirement to continue to collect WHOIS data. The ICANN Board has recently adopted a Temporary Specification regarding the collection and publication of WHOIS data, which the organisation believes to be compliant with the GDPR. Through this filling against EPAG, ICANN is seeking 'a court ruling to ensure the continued collection of WHOIS data, so that such data remains available to third parties demonstrating'. The organisation also noted that it 'does not seek to require its contracted parties to violate the law', but that it has filed the lawsuit to seek clarification on the different interpretations of GDPR provisions.

Explore the issues

Privacy and data protection are two interrelated Internet governance issues. Data protection is a legal mechanism that ensures privacy. Privacy is usually defined as the right of any citizen to control their own personal information and to decide about it (to disclose information or not). Privacy is a fundamental human right. It is recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. The July 2015 appointment of the first UN Special Rapporteur on the Right to Privacy in the Digital Age reflects the rising importance of privacy in global digital policy, and the recognition of the need to address privacy rights issues the the global, as well as national levels.

The Domain Name System (DNS) handles Internet domain names (such as www.google.com) and converts them to Internet Protocol (IP) numbers (and the other way around).


The GIP Digital Watch observatory is provided by



and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top