ICANN Launches GDPR Lawsuit in Germany Against Domain Registrar
A recent case filed in Germany may change the manner in which WHOIS data is being collected.
ICANN, a company based in Germany recently filed action against a domain name database EPAG who refused to collect information for the company. The company, owned by Tucows had to implement a plan wherein the information of the customers was not being collected proceeding violations pertaining to the GDPR regulations. ICANN then proceeded to file a suit, making an appeal for assistance from the court for the proper interpretation of the GDPR. The intention for this is to protect the information of the customers which can be derived from the WHOIS database. The General Counsel for ICANN made a statement stating that they would be filing action in Germany with the aim of protecting the collection of data that is done for the purpose of following regulations that have been imposed. The outcome of this filing can have a significant impact on customer security for the company and can determine the outcome and functioning of their processes.
On May 28th, 2018 a statement was issued by Tuscow regarding the matter of the WHOIS database download. The statement outlined the fact that both parties disagreed on the manner in which the current regulations impacted the services that they provided. The statement showcased the fact that ICANN had a much broader view of what security should be, and the provisions implemented to safeguard those who use the internet. This led to further implications in the days to come on both ends. Tucows took the stance that the current regulations are meant for the safekeeping of individuals on the internet, and eliminating the need for them would expose customers to far more potential risks.
On May 31st, 2019, the German Regional Court issued an order that would impact the course of the domain name database case as it stood. The court came to the conclusion that it would not provide an injunction to the EPAG. The General Counsel and Secretary of ICANN proceeded to respond to the matter, giving a response that showcased their opinions and course of action that they wanted to take. The statement outlined that the party was pleased with the swift action taken with regards to this matter, but still did not outline the fundamental principles that the case was built upon. This only prolonged the conversation that persists with regards to the internet and customer security, and did not clear it up in any regard.
On Jun 14th, 2018, ICANN resorted to an appeal to the Regional Court to not pass an injunction with regards to the proceedings in this case. The aim was to then file the suit in a higher court of law in order to properly clarify the intentions of this case. Until another court order can be passed, the parties are required to properly collect the information of the WHOIS data which is required under the act being questioned. Not following the requisites of the law is grounds for disciplinary action being taken against the party.