[lac-discuss-en] Fwd: ICANN News Alert -- ICANN Appeals German Court Decision on GDPR / WHOIS

Thu Jun 14 22:54:58 UTC 2018

FYI

==============================
*Carlton A Samuels*

*Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround*
=============================

[image: ICANN] <http://www.icann.org/> News Alert

https://www.icann.org/news/announcement-2018-06-13-en
------------------------------
ICANN Appeals German Court Decision on GDPR / WHOIS

13 June 2018

LOS ANGELES – 13 June 2018 – The Internet Corporation for Assigned Names
and Numbers (ICANN) today appealed a decision by the Regional Court in
Bonn, Germany not to issue an injunction in proceedings that ICANN
initiated against EPAG, a Germany-based, ICANN-accredited registrar that is
part of the Tucows Group. The appeal was filed to the Higher Regional Court
of Cologne, Germany.

ICANN is asking the Higher Regional Court to issue an injunction that would
require EPAG to reinstate the collection of all WHOIS data required under
EPAG’s Registrar Accreditation Agreement with ICANN.

The Regional Court in Bonn rejected ICANN’s initial application for an
injunction, in which ICANN sought to require EPAG to collect administrative
contact and technical contact data for new domain name registrations.

If the Higher Regional Court does not agree with ICANN or is not clear
about the scope of the European Union’s General Data Protection Regulation
(GDPR), ICANN is also asking the Higher Regional Court to refer the issues
in ICANN’s appeal to the European Court of Justice.

ICANN is appealing the 30 May 2018 decision by the Regional Court in Bonn
as part of ICANN’s public interest role in coordinating a decentralized
global WHOIS for the generic top-level domain system.

“We are continuing to seek clarity of how to maintain a global WHOIS system
and still remain consistent with legal requirements under the GDPR,” said
John Jeffrey, ICANN’s General Counsel and Secretary. “We hope that the
Court will issue the injunction or the matter will be considered by the
European Court of Justice.”
Background:

On 25 May 2018, ICANN filed the injunction proceedings against EPAG. ICANN
asked the Court for assistance in interpreting the GDPR in an effort to
protect the data collected in WHOIS. ICANN sought a court ruling to ensure
the continued collection of all WHOIS data. The intent was to assure that
all such data remains available to parties who demonstrate a legitimate
purpose to access it, and to seek clarification that under the GDPR, ICANN
may continue to require such collection.

ICANN filed the proceedings because EPAG had informed ICANN that as of 25
May 2018 when it sells new domain name registrations, it would no longer
collect administrative and technical contact information. EPAG believes
collection of that particular data would violate the GDPR. ICANN’s contract
with EPAG requires that information to be collected.

EPAG is one of over 2,500 registrars and registries that help ICANN
maintain the global information resource of the WHOIS system. ICANN is not
seeking to have its contracted parties violate the law. Put simply, EPAG's
position spotlights a disagreement with ICANN and others as to how the GDPR
should be interpreted.

On 30 May 2018, the Court determined that it would not issue an injunction
against EPAG. In rejecting the injunctive relief, the Court ruled that it
would not require EPAG to collect the administrative and technical data for
new registrations. However, the Court did not indicate in its ruling that
collecting such data would be a violation of the GDPR. Rather, the Court
said that the collection of the domain name registrant data should suffice
in order to safeguard against misuse in connection with the domain name
(such as criminal activity, infringement or security problems).

The Court reasoned that because it is possible for a registrant to provide
the same data elements for the registrant as for the administrative and
technical contacts, ICANN did not demonstrate that it is necessary to
collect additional data elements for those contacts. The Court also noted
that a registrant could consent and provide administrative and technical
contact data at its discretion.

ICANN appreciates and understands the dilemma of EPAG in trying to
interpret the GDPR rules against the WHOIS requirements, but if EPAG's
actions stand, those with legitimate purposes, including security-related
purposes, law enforcement, intellectual property rights holders, and other
legitimate users of that information may no longer be able to access full
WHOIS records.

In addition to the court proceedings, ICANN is continuing to pursue ongoing
discussions with the European Commission and the European Data Protection
Board to gain further clarification of the GDPR as it relates to the
integrity of WHOIS services.
About ICANN

ICANN’s mission is to help ensure a stable, secure and unified global
Internet. To reach another person on the Internet, you need to type an
address – a name or a number – into your computer or other device. That
address must be unique so computers know where to find each other. ICANN
helps coordinate and support these unique identifiers across the world.
ICANN was formed in 1998 as a not-for-profit public-benefit corporation
with a community of participants from all over the world.

- - - - - - - - - - - - - - -
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/lac-discuss-en/attachments/20180614/ff874a4f/attachment.html>