While the entry into effect of the European Union’s General Data Protection Regulation (GDPR) at the end of May might be music to the ears of privacy advocates, brand owners and trademark attorneys could be hearing a rather less pleasant tune. The GDPR will make it significantly more difficult to access information about domain name registrants: as a consequence, it will become harder to enforce brand owners’ rights online. Novagraaf’s Anca Draganescu-Pinawin explains why.
Until now, attorneys advising businesses on the lives of their brands on the internet have relied on WHOIS, an online tool which makes the names and contact information of the persons who have registered a domain name readily available to the public. These data have played a crucial role in enforcing brand owners’ rights, and have been especially useful in reacting against domain names registered and used in bad faith.
Indeed, on the basis of information provided on WHOIS, trademark attorneys have been able to offer an initial assessment of the potential infringement and advise their clients on a sound course of action. Data obtained from WHOIS would sometimes signal suspicious domain name registrations to the advising attorney and help identify potential cybersquatters. On other occasions, using WHOIS-sourced information would allow attorneys to contact domain name registrants directly, thus resolving disputes without recourse to costly, time-consuming legal action. Finally, it would be used in UDRP procedures to help build a case demonstrating the alleged bad faith of a registrant.
Now that the GDPR is coming into full force shortly, these tasks are about to become significantly more difficult to carry out. This is because the WHOIS system as we know it is not compliant with the data protection requirements of the GDPR.
This turn of events may prove to be a disincentive for brand owners to enforce their rights online. However, cybersquatters and the like may find themselves at an unexpected advantage with the cover provided by the GDPR. This is not to say that the WHOIS system was perfect: a resolute cybersquatter could always find a way to remain in the shadows. That being said, trademark attorneys still had readily available means to contain the problem and offer a variety of solutions to brand owners.
The GDPR will leave a WHOIS-shaped hole in the IP landscape: natura abhorret vacuum, as Rabelais put it, and so too does the IP profession. However, a suitable successor is yet to be found. An accreditation system will probably be offered as a palliative measure to give access to this information for specific professions. That being said, it might not be ready for some time.
In the meantime, GoDaddy, the largest domain registrar in the world, has already resolved to redact email, names, and phone numbers from all WHOIS records they publish. Other domain registrars may well follow. And as long as a new GDPR-compliant system has not been put in place, we must acknowledge that the GDPR has inadvertently thrown sand in the eyes of trademark attorneys.