ICANN files suit to protect WHOIS database

Domain overseer ICANN is mounting a legal test case against a German registrar as a last-ditch attempt to protect the WHOIS master database, which identifies who owns what internet domain.

The Internet Corporation for Assigned Names and Numbers (ICANN) has filed suit against EPAG - part of the Tucows Group.

Through the case, ICANN said it wanted a court ruling on whether European registrars can continue to collect information on who they sell new domains to without violating the general data protection regulation (GDPR).

ICANN’s struggle to make the internet domain name system (DNS) and WHOIS database GDPR compliant have been well documented.

It attempted - unsuccessfully - to get a one-year extension to comply with the GDPR, and also to create a “temporary specification” that it believed would ensure WHOIS could continue to operate.

However, as other aggrieved parties have done since GDPR came into effect late last week, ICANN is now testing its legal options.

ICANN said in a statement that EPAG - with whom it has a contract authorising the sale of generic top-level domain registrations - had “recently informed ICANN that when it sells new domain name registrations it would no longer collect administrative and technical contact information, as it believes collection of that data would violate the GDPR rules”.

"We are filing an action in Germany to protect the collection of WHOIS data and to seek further clarification that ICANN may continue to require its collection,” ICANN’s general counsel and secretary John Jeffrey said.

"We appreciate that EPAG shared their plans with us when they did, so that we could move quickly to ask the German court for clarity on this important issue.

“We also appreciate that EPAG has agreed that it will not permanently delete WHOIS data collected, except as consistent with ICANN policy."

ICANN said that an adverse ruling would mean that those seeking WHOIS data for “legitimate purposes, including security-related purposes, law enforcement, intellectual property rights holders, and other legitimate users of that information” would lose access to a complete resource.

ICANN claims its temporary specification allows the continued operation of WHOIS without violating GDPR, though this is untested.

The domain overseer said it “appreciates ongoing discussions” with European authorities, particularly those overseeing GDPR specifications and compliance.

“However, ICANN has seen steps taken by some of our contracted parties that violate their contractual agreements with ICANN,” it said.

“Thus, ICANN must file this action now to both prevent permanent harm to the public interest and seek clarification of the laws, as they relate to the integrity of the WHOIS services.”