However, up to now, the EU has not put any pressure on ICANN. With the EU GDPR and the principle of impact set out in section 3, everything is set to change. In future, ICANN will be held liable and the pertinent question regarding data minimisation will be raised once again.

With the first RAA (registrar accreditation agreement) and the contractual obligations of the ccTLD registries, data protection was a key aspect, which conflicted with the requirements of data protection in the EU and also in Switzerland.

For the time being, the EU appears to be focusing on ICANN. However, registrars would also be well advised to attend to this issue as soon as possible.

As experts in the area of domain names and data protection, we can provide you with specific support in this regard.

Source: