ICANN files suit over the applicability of the GDPR to the WHOIS system

On May 25, 2018, ICANN filed a motion requesting the Regional Court of Bonn to enter a preliminary injunction preventing EPAG, a German registrar, from registering any domain name without collecting the personal data for the administrative and technical domain record contacts, in addition to the personal data for the registrant (the domain name holder). At the core of the legal action is the applicability of the EU’s General Data Protection Regulation (“GDPR”) to the WHOIS system — which has been a subject of much debate in the Internet community.

ICANN appears to have filed the action after the registrar took the view that it could no longer collect this personal data because of the GDPR.

In its motion, ICANN explains its view that the collection of such personal data is necessary to “coordinate the stable operation of the Internet’s unique identifier system” and is akin to trademark registers, where the collection of such data is a legitimate interest “in order to give the opportunity to delegate tasks with regard to the registration and maintenance of the trademark to a legal representative being the expert to trademark matters.”

An English copy of the motion is available on ICANN’s web site.