GoDaddy is pushing back against a new Indian court order requiring domain registrars to collect extensive owner data and hand it over within 72 hours upon police or court request. While aimed at cracking down on phishing and fake websites, the move threatens ordinary internet privacy and the confidentiality of domain registrations. GoDaddy’s appeal hearing is scheduled for July 16.

India’s booming internet user base-from just 15% of the population in 2015 to an estimated 70% in 2025, according to Our World in Data-is fueling a surge in phishing sites. The country’s National Technical Research Organisation reported over 1,100 phishing domains in Q1 2025 alone, prompting the government and regulators to tighten domain ownership transparency.

Last year, a Delhi court ruled that domain registrars can no longer offer privacy protection for registrant data as a default service. Instead, customers must explicitly request it, sometimes incurring additional fees. Registrars are also required to conduct identity verification using government-issued IDs or other documents.

Trademark owners largely support these steps, frustrated by counterfeit, typo-squatted, and clone websites impersonating major brands. But GoDaddy warns the new rules risk sweeping away privacy safeguards for millions of legitimate domain owners worldwide. If registrant details like names, addresses, phone numbers, and emails are publicly accessible via WHOIS by default, users could be exposed to privacy breaches and harassment.

Domain privacy trends since GDPR

The controversy comes as the domain industry is still adjusting to privacy regulations sparked by Europe’s GDPR in 2018. Since then, registrars and registries have largely hidden WHOIS data to comply with strict personal data protection rules. The Internet Corporation for Assigned Names and Numbers (ICANN) has worked to balance transparency and privacy by restricting access to registration details rather than exposing them publicly.

This shift is global. Major registrars like GoDaddy and Tucows now offer domain privacy as a standard feature for many domain extensions, reflecting growing user demand for anonymity online. India’s new mandate, if upheld, will force registrars to navigate conflicting regulations-protecting user privacy in some jurisdictions while complying with Indian court orders that expose owner data.

GoDaddy, the world’s largest domain registrar managing tens of millions of domain names, has a direct stake in how this unfolds. Any policy change on data disclosure at GoDaddy tends to ripple across the industry, making this Delhi court fight a potential test case for how single-country rulings can influence global internet governance.

India’s position also responds to a genuine concern. Phishing and spoofing campaigns rise alongside internet adoption, often targeting newcomers vulnerable to fake banking, government, and e-commerce sites. Law enforcement and rights holders argue that hidden registrant data slows investigations and content takedowns, motivating demand for faster access.

The outcome of GoDaddy’s appeal won’t just impact India. Other countries grappling with internet fraud may follow India’s lead, demanding stronger Know Your Customer (KYC) checks and rapid disclosure of domain owner info. If the court upholds the current rules, mounting pressure on registrars and international domain zones to comply is expected. The July 16 ruling could define how far legal authorities can push privacy boundaries in the domain registration world.

Source: Gizmodo

Leave a comment

Your email address will not be published. Required fields are marked *