Acting to protect online privacy concerns, a district court recently issued a preliminary injunction against DomainTools, LLC enjoining it from accessing the register for the .nz top-level domain or publishing any .nz register data it had stored in its own databases. But the decision threatens to make investigations of online trademark infringement and cybercrime more difficult.
Second, balancing the hardships, the court noted that DNCL did not demand that DomainTools delete all .nz data from its database, but only adjust its search criteria or, alternatively, scrub from search results all information with a .nz domain name. Notably, DomainTools argued that if a preliminary injunction issued here, that could precipitate “an avalanche of litigation as other registers attempt to protect the privacy of their registrants.” The court was unmoved, stating: “It would be ironic . . . if a plaintiff who has shown a likelihood of success and irreparable injury were deprived of preliminary relief simply because defendant may have acted wrongfully toward others as well.”
Finally, the court dismissed DomainTool’s argument that the data it provides “are critical cybersecurity resources and that the public interest would be harmed if the reports provided to government, financial, and law enforcement entities were incomplete because the .nz data were excised.” The court weighed the public’s privacy and security interests more heavily, finding that DomainTools “and its customers can access the registration information directly through DNCL’s website if it appears that a bad actor is using an .nz domain.’ On the other hand,” the court continued, “the .nz registrants’ privacy and security interests are compromised as long as defendant is publishing non-current or historical .nz information out of its database.”
But the decision may adversely affect the investigation of wrongful and illegal conduct. Current and historical WHOIS records are a vital investigative tool that brand owners and law enforcement authorities use to quickly research and respond to cases of online trademark infringement, counterfeiting, cybersquatting, phishing, and other cybercrime. The privacy concerns animating the court’s decision, however, reflect a growing world-wide trend. Earlier this year, Europe’s General Data Protection Regulation (“GDPR”), which protects against privacy breaches and data thefts, went into effect. Different domain name registrars have taken different approaches to compliance: some selectively redact WHOIS data for EU residents only, while many have removed data for all domains save for an anonymous email address directed to the registrar. But the impact has been clear. Prior to the GDPR, DomainTools estimated that the identities of less than 25% of domain registrants were concealed (principally because they used privacy protection services). Post-GDRP, however, the identities of a majority of registrants are concealed—either by the registrars or the registrants—making information that used to be readily available far more difficult to obtain. As a result, domain registrants with criminal or infringing intents are granted an added layer of anonymity.
At minimum, the court’s decision suggests that privacy concerns—which may gain greater protection in the future—will continue to complicate domain name investigations. Brand owners, as a result, will need to devote increased time and resources to ascertain identifying information about online counterfeiters and trademark infringers.
The case is Domain Name Commission Ltd. v. DomainTools, LLC, Case No. 2:18-cv-00874-RSL (W.D. Wash. Sept. 12, 2018). DomainTools has appealed the decision to the Ninth Circuit.