• The December order can be accessed here.

GoDaddy, the world’s largest domain registrar, has challenged the Delhi High Court’s (HC) December order on fraudulent websites before a larger bench, arguing that the directions strip privacy protections from legitimate website owners and force it to police domain names worldwide, Reuters reported after reviewing non-public filings. Namecheap and Hosting Concepts filed separate challenges. The larger bench will hear the appeals on July 16.

The order in question is the Dabur India v. Ashok Kumar judgment, delivered on December 24, 2025, by Justice Prathiba M. Singh. Among the 14 directions issued to registrars, three are central to the appeal. The court directed them to:

  • Run electronic Know Your Customer (e-KYC) verification for all domain registrations, with periodic re-verification.
  • Stop offering privacy-by-default masking, making identity redaction a paid add-on rather than the default.
  • Disclose registrant details within 72 hours when requested by a court, a law enforcement agency, or a rights holder.

What is GoDaddy contesting? Its appeal, which Reuters reported runs to more than 5,000 pages, challenges three of the directions:

  • Ending privacy-by-default: Publishing every registrant’s name, address, phone number, and email address exposes legitimate owners to stalking and harassment. GoDaddy continues to market “free privacy protection forever.”
  • The 72-hour disclosure requirement for anyone with a “legitimate interest”: GoDaddy argues that it cannot determine who qualifies as having a legitimate interest.
  • The bar on brand-name variations: GoDaddy calls it unworkable, since “McDonald” is a common Scottish surname and a string like “HUL” would collide with 118 English words including “hulk” and “moghul.”

Does the privacy argument hold under Indian law? GoDaddy argues that removing privacy-by-default violates the Digital Personal Data Protection (DPDP) Act, 2023, and the European Union’s General Data Protection Regulation (GDPR), both of which require platforms to collect and disclose only the minimum personal data necessary. Justice Singh rejected that interpretation in her order.

She held that Section 7(e) of the DPDP Act allows a data fiduciary to process personal data without consent when complying with a court order. Therefore, the Act permits, rather than prohibits, the disclosures required under her directions. Applying the Puttaswamy proportionality test, she ruled that privacy cannot be weaponised to shield illegality.

Weeks earlier, the same court interpreted the DPDP Act differently in a right-to-be-forgotten case, ordering Google and Indian Kanoon to de-index the names of acquitted persons from search results. GoDaddy’s appeal asks the larger bench to revisit which interpretation of the Act should prevail.

Why does GoDaddy call it a global problem? Because domain names resolve identically across the world,…


Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at [email protected]

 

 

Categorized in:

Blog,

Last Update: July 4, 2026