The biggest recent development involving ICANN results from the general data protection regulation known as GDPR and the regulation which became fully effective on May 25, 2018.
Due to the regulation, ICANN decided to require domain name registries to remove public access to the contact names and details of domain name registrants. This action was implemented to protect the personal data and privacy of domain name registrants under the GDPR. The decision to limit data previously provided by the WHOIS service has had a severe negative impact on a number of interests. It has raised issues relating to security on the Internet, hampered intellectual property owners’ trademark enforcement efforts to fight against counterfeiting and cybercrimes as well as made it more difficult for law-enforcement authorities to pursue Internet criminals. Although some domain name registrars have organized methods for parties to obtain registrants’ details through bona fide access requests, there is little uniformity or consistency in these efforts resulting in questions as to how much information will be released and when a court order may be required.
Some registrars have provided only the technical information about the domain name and the country of the registrant. Others have provided a proxy service enabling confidentiality of personal data of the registrants. Others continue, at least currently, to disclose information on registrants.
ICANN filed for an injunction against a German domain name registrar called EPAG to compel it to continue collecting registrant data required under its agreement with ICANN. Unfortunately, the German court refused to issue the injunction and the ruling, which was appealed to the higher regional Court of Cologne, was recently affirmed. The Appellate Court found it not necessary to issue a preliminary injunction to avoid imminent damage and noted that ICANN could pursue its claims in the main proceeding. ICANN is considering its next steps.
The latest development is a decision by the U.S. District Court for the Western District of Washington on September 12, 2018, that enjoined Domain Tools, a company that collects, stores and publishes domain and registrant information, from collecting and publishing the Whois records of all .nz domain names. The judge concluded that the Plaintiff Domain Name Commission Limited, a New Zealand government entity that regulates the .nz top level domain, would suffer irreparable harm if a preliminary injunction was denied. The decision finds the privacy interests of the .nz registrants outweigh any public interest benefits from disclosing Whois data to the Defendant’s customers.
Another development occurring this month is a joint letter from the intellectual property constituency and business constituency of ICANN to Goran Marby, President and CEO of ICANN requesting the immediate provision of a unified access solution for non-public Whois data for lawful and legitimate purposes and for acknowledging harms that many in the Internet community are facing without a unified access model in place.
The request is supported by a number of others including the ICANN governmental advisory committee, the prior article 29 working party, and ICANN’s security and stability advisory committee. The letter concludes with a call for ICANN to institute concrete steps to move forward toward a reasonable unified access model including setting developmental milestones and a timeline for reaching an agreement and the adoption of an implementation strategy. In the meantime, the letter urges ICANN to issue a temporary specification for an interim unified access model
Further developments will be closely monitored and reported on in the future.