As I predicted ICANN is pursuing its case against EPAG. They’re now not only appealing the case to a higher court in Germany, but are also trying to get the entire thing referred to the European Court of Justice.
In an announcement late last night ICANN made it very clear what their intentions are. While they’re pursuing the appeal in the higher court in the German region, which makes sense at some level, it’s also very clear that they’re not taking “no” for an answer:
If the Higher Regional Court does not agree with ICANN or is not clear about the scope of the European Union’s General Data Protection Regulation (GDPR), ICANN is also asking the Higher Regional Court to refer the issues in ICANN’s appeal to the European Court of Justice.
I’m not a lawyer, but it does strike me as slightly odd to tell the higher court that they don’t trust the outcome even before it’s been made.
The appeal is taking a slightly more nuanced approach to its pleadings with an emphasis not just on the collection of the admin-c and tech-c contacts, but the “legal” collection of same. Jones Day is of the opinion that Epag should be obliged to collect the contacts and attempts to provide a rationale for doing so in what it deems to be a legal way under GDPR. They also make reference to FAQs published on a couple of randomly chosen websites: bestregistrar.com and vcgcorporate.zendesk.com. While the text on those sites might support ICANN’s position it’s not clear why those sites were chosen, beyond the obvious backing of ICANN’s views.
While I could be mistaken to the best of my knowledge most ICANN policies do not make specific reference to the tech-c beyond the references in relation to the collection and display. The admin-c is referenced in a couple of policies, for example in the transfer policy, but it is always the registrant contact that is key.
The court filings including a number of affidavits and other exhibits are available here.
Of course the bigger question is why on earth ICANN is pursuing this so doggedly. If you look at the various outstanding items in the temporary specification there are several areas which will be highly contentious such as providing access to non-public data to “legitimate” interests.
And what about the costs of pursuing this case?
Getting your lawyer to send a threatening letter might only cost a couple of hundred dollars, but pursuing a court case like this will cost thousands if not hundreds of thousands of dollars. Wasn’t ICANN concerned about its finances?
My take on that: ICANN is looking to have an official and final answer regarding Whois data and GDPR ASAP (time cost more than dollars)