GoDaddy Fights India Court Order That Could Expose 80M Domain Owners
Key Takeaways
- GoDaddy’s appeal against a New Delhi court ruling that mandates paid domain privacy pits cyber fraud enforcement against global data protection standards, with 80 million domains and $5B in revenue at stake.
Mentioned
Key Intelligence
Key Facts
- 1India received 2.4 million cyber fraud complaints in the past year, with alleged losses totaling $2.4 billion, as smartphone and internet use surge.
- 2In December 2025, a New Delhi court ordered the blocking of more than 1,100 fake websites impersonating brands like Amazon and McDonald's, and mandated that domain privacy become a paid service.
- 3GoDaddy manages about 80 million domain names and serves over 20 million customers globally, with annual revenue of approximately $5 billion; India is its largest emerging market.
- 4GoDaddy’s appeal argues that removing privacy-by-default features exposes legitimate website owners to stalking, harassment, and security risks, and is “commercially destabilizing,” potentially forcing registrars to exit India.
- 5The court’s directives conflict with India’s Digital Personal Data Protection Act and the EU’s GDPR, both of which require “privacy by default.”
- 6Rival registrars Namecheap and Hosting Concepts have also challenged the ruling, signaling broader industry opposition.
The directives are commercially destabilizing and could force domain registration companies to exit India.
Non-public court filings reviewed by Reuters
Analysis
For legal and regulatory professionals, this case crystallizes a growing tension between aggressive national cyber-fraud enforcement and the foundational privacy-by-default principle espoused by India’s own data protection law and the GDPR. The New Delhi court’s decision to reclassify domain privacy as a paid, rather than a default, service challenges the very architecture of digital rights and raises novel questions about jurisdictional conflicts, the extraterritorial reach of court orders, and compliance liability for multinational registrars. As the Delhi High Court weighs the appeal, its ruling could set a binding precedent for how common law jurisdictions reconcile consumer protection with data privacy.
GoDaddy has launched a high-stakes legal challenge against a December 2025 ruling by a New Delhi court that ordered the mass blocking of over 1,100 websites impersonating well-known brands such as Amazon and McDonald's. The court’s directives, aimed at curbing a surge in cyber fraud, go further than simple blocking: they require domain registration companies to strip away default privacy protections, making the personal details of all domain owners—names, addresses, phone numbers, and email addresses—publicly accessible. GoDaddy, in non-public court filings reviewed by Reuters, argues this undermines fundamental privacy rights and could destabilize the domain registration business in India, its largest emerging market. With 80 million domains under management and annual revenue of approximately $5 billion, GoDaddy warns the ruling is “commercially destabilizing” and could force registrars to exit the country entirely. Rivals Namecheap and Hosting Concepts have joined the appeal, signaling industry-wide alarm.
With 80 million domains under management and annual revenue of approximately $5 billion, GoDaddy warns the ruling is “commercially destabilizing” and could force registrars to exit the country entirely.
The background is stark. India’s cyber fraud epidemic has reached unprecedented levels: authorities logged 2.4 million complaints in the last year, alleging losses totaling $2.4 billion. The court, in its ruling, described fake websites as “engines for large-scale deception” and held that privacy features that shield domain owner identities act “as a cloak” for scammers. It mandated that privacy protection become a paid add-on service, rather than a default, to deter misuse. This approach, however, collides head-on with global data governance norms. GoDaddy’s appeal explicitly invokes India’s own Digital Personal Data Protection Act and the European Union’s General Data Protection Regulation (GDPR), both of which enshrine “privacy by default” as a core principle. By treating privacy as a premium feature, the court’s order creates a direct conflict with these frameworks, potentially exposing corporations and individuals to legal liability in multiple jurisdictions.
What to Watch
The implications extend far beyond a single court dispute. If upheld, the ruling could reshape the economics of domain registration in India and set a precedent for other nations grappling with cybercrime. Domain registrars operate on thin margins in a competitive market; forcing them to fundamentally alter their privacy infrastructure—and to charge end-users for what was previously free—could depress adoption and push small businesses toward unregulated markets. Simultaneously, the move threatens to erode the trust infrastructure of the internet. Wholesale exposure of domain owner data invites stalking, harassment, identity theft, and corporate espionage, as GoDaddy asserts. The company’s argument that legitimate businesses and individuals will bear the brunt of this exposure, while sophisticated fraudsters find workarounds, is a persuasive policy critique that courts and regulators will need to weigh carefully.
Looking ahead, the Delhi High Court’s larger bench to which GoDaddy has appealed faces a balancing act with global consequences. A ruling that validates the lower court’s approach could embolden other countries to adopt similarly aggressive anti-fraud measures at odds with international data protection standards. Conversely, a reversal would reaffirm the compatibility of strong privacy protections with legitimate law enforcement objectives, potentially paving the way for a more nuanced approach—such as targeted domain seizures based on due process, rather than blanket disclosure mandates. As internet governance becomes increasingly fragmented, this case will be closely watched by policymakers, legal scholars, and the technology industry worldwide.
Timeline
Timeline
Lawsuits filed against fake websites
Amazon, McDonald's, and other companies begin filing lawsuits against fraudulent websites using their brand names.
New Delhi court orders domain blocking and privacy changes
The court orders over 1,100 fake websites blocked and mandates that domain privacy protection become a paid service, removing it as a default feature.
GoDaddy appeals to larger bench of Delhi High Court
GoDaddy files an appeal, arguing the directives violate data protection laws and could force registrars to leave India; Namecheap and Hosting Concepts join the challenge.
Sources
Sources
Based on 15 source articles- batonrougepost.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- floridastatesman.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- hawaiitelegraph.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- srilankasource.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- birminghamstar.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- japanherald.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- singaporestar.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- israelherald.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- asiabulletin.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- afghanistansun.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- irishsun.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- neworleanssun.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- memphissun.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- caribbeanherald.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
- tennesseedaily.comGoDaddy warns India rules could reshape internet governanceJul 5, 2026
How we covered this story
Every story in our legal coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.
Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the legal space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.
| Signal on this page | What it tells you |
|---|---|
| Verified by N sources | Independent corroboration count. N≥2 is our confidence floor; N=1 is marked explicitly. |
| Impact score (1-10) | Regulatory + financial + operational weight. 8+ signals an experienced-operator action item. |
| Sentiment | Five-tier classification trained on labeled legal-specific corpora. |
| Timeline | Where applicable, the related-events sequence that contextualizes today's development. |