Re: Merica f*ck yeah
" Publishing it without explicit opt in permission isn't."
ITYM Publishing personal data
A lot of registrations use role accounts and those aren't personal data.
The problem is that domain registrations (and WHOIS) requires actual legally serviceable registrant addresses (ie, ones that can be served with legal paperwork in the event of shit hitting fan) and the tech contacts are supposed to be there to ensure that someone can be contacted to try and shut the mess down if something goes nuts.
ICANN hasn't been adequately enforcing accuracy requirements for 15-20 years (meaning that scammers have registered bogus addresses for kid porn domains that have had the wrong doors kicked in, etc etc) and scammers have spammed the living hell out of published email addresses, rendering the tech addresses useless/encouraging people to obfuscate or remove contact details.
At this point, trying to argue that collecting the data is necessary falls flat on its face over the kerbstone of historic indifference to its accuracy and I'm fairly sure that german courts will point that out.
Harder lines taken against network abuse and prioritising that over gross revenue maximisation would have prevented a lot of the issues that's got ICANN in court today. As it is, IMHO their actions have pretty much ensured that they won't prevail. (IANAL, YMMV, HAND)