GoDaddy filed a 5,000-page appeal against a Delhi HC order forcing domain registrars to end default privacy and disclose user data within 72 hours. The court ruled privacy cannot shield illegality, but GoDaddy argues it exposes legitimate registrants and violates India's DPDP Act. For Indian founders, this means personal details linked to their domain could become public by default.
How We Got Here
The Delhi High Court's December 24, 2025 order in the Dabur India v. Ashok Kumar case mandated e-KYC, stopped privacy-by-default, and required 72-hour data disclosure. This judgment, delivered by Justice Prathiba M. Singh, also triggered similar challenges from registrars like Namecheap and Hosting Concepts.
The Numbers
- GoDaddy argues applying different WHOIS policies for Indian registrants is unworkable, as domain names resolve identically worldwide.
- The registrar also calls the bar on brand-name variations unworkable, citing 'McDonald' as a common surname and 'HUL' colliding with 118 English words.
- GoDaddy continues to market 'free privacy protection forever' even as it fights the mandate to end privacy-by-default.
- Justice Singh's ruling interprets Section 7(e) of the DPDP Act to permit court-ordered disclosures without consent, rejecting GoDaddy's GDPR/DPDP Act violation claim.
- Weeks earlier, the same court interpreted DPDP differently, ordering Google and Indian Kanoon to de-index names in a right-to-be-forgotten case.
What Happens Next
🇮🇳 Why This Matters for India
For startup founders and engineers in Bangalore and Mumbai, this order means their personal details attached to domain registrations are no longer private by default and can be accessed within 72 hours.
The Take
The Delhi HC is drawing a clear line, prioritizing enforcement and fraud prevention over the "global internet" argument made by registrars. Expect the larger bench to largely uphold these disclosure mandates, making privacy a paid add-on and compliance a new default for Indian domain owners.
Source:
MediaNama ↗