In this series, we will look at the everchanging world of cybersquatting and how companies should be approaching the issue in 2019.

Cybersquatting has been a problem for businesses since the nineties but, following a number of recent events, companies (and their customers) are more vulnerable than ever before. Take, for example, the introduction of over 1200 new generic top level domains or ‘gTLDs’ (the suffix at the end of a web address such as <.network> and <.media>). The launch of these new gTLDs, which was first initiated in 2013, has vastly expanded the cybersquatters’ playing field. In 2018, the EU implemented the GDPR[1] – a data privacy regulation concerning the personal data of individuals of EU member states and, importantly, the export of that personal data outside of the EU. This has served to increase anonymous domain name registration, providing a useful veil behind which cybersquatters can hide. Further, the explosion of unicorns and other digitally-focused businesses over the past decade makes for a plethora of appealing new targets for cybersquatters. This melange of circumstances creates the perfect environment for domain name abuse to thrive. According to its latest report, the World Intellectual Property Office (‘WIPO’) saw a record 3,447 reported cybersquatting cases in 2018 – a 12% increase since 2017[2]. The top three sectors affected were banking & finance, biotechnology & pharmaceuticals and internet & IT. So how can businesses avoid adding to these statistics in 2019?

Domain Name Dealing – Business or Skulduggery?

In this first instalment we will look at dealing in domain names: the practice of registering domain names with the sole objective of selling them on. Given the huge profits often involved, it can be a lucrative business, but can this activity ever be considered fair commercial behaviour? Should you barter with a cybersquatter for a domain name you believe is rightfully yours? Can domain name registrations ever legitimately be used as bargaining tools in commercial negotiations? Questions such as these are arising more and more frequently and it is, understandably, tough for businesses to know how best to deal with them – especially when the law is still toiling with the issues!

Grabbing a profit…

In June this year, the Singapore Court will reportedly decide whether GrabTaxi Holdings (‘Grab’), owner of the Singapore-based taxi app, is liable for breach of contract in respect of an alleged agreement to buy the domain name <grab.co.id>. Grab is being sued by a Singapore company, 3 Corporate Services (‘3CS’), for failing to pay a whopping US$250,000 – the alleged agreed transfer price. In July 2017, Grab approached 3CS with a view to purchasing the domain name. However, Grab claims that the parties never came to a final agreement and accuses 3CS of prolific cybersquatting. 3CS had allegedly been involved in the registration of numerous domain names referring to big brands and personalities (with, Grab says, the sole objective of transferring them for extortionate sums). The case is not set to come to trial for a few weeks but, in the meantime, it raises a potential warning flag in respect of initiating negotiations with suspected cybersquatters. Watch this space.

Finders keepers?

So what about business models centred on collecting domain names? Do such companies have rights over businesses with legitimate claims to certain words? In February this year, a WIPO panel decided that <dialoga.com> had not been registered in bad faith by the Respondent (a company with a portfolio of domain names for sale) despite it being the Complainant’s trade name – a name the Complainant had used for many years prior to the domain name registration and for which it owned several registered trade marks[3]. In coming to this conclusion, the panel said that buying and selling domain names as a business model was not of itself evidence of bad faith, especially in instances such as this where the domain name in question refers to a dictionary word in certain languages. For a finding of bad faith, the Complainant would have had to establish that the Respondent had the Complainant’s rights in mind when registering the domain name.

Importantly, the panel in this case found that the Complaint was an example of so-called reverse domain name hijacking. This is the practice of (typically) large corporations intimidating (typically) small-time domain name holders into transferring their domain names to avoid legal repercussions, without sufficient grounds to do so. The panel noted that “the Complainant simply believes that it is a more appropriate owner of the disputed domain name than the Respondent…that view is misguided and is not a basis for seeking any remedy…”. The lesson here is that, whilst important, a strong trade mark portfolio alone is not enough to protect your brand name online. Businesses must also be proactive when it comes to their domain name strategy. Had the Complainant in this case made savvy domain name purchases when it was incorporated (the domain name in question being perhaps one of the most obvious with which to start), it might have avoided the situation entirely.

Bargaining chips and grumpy cats

So what if a domain name has been registered or purchased purely for use as a weapon of negotiation? The domain name holder may not be your typical domain name dealer but what if they acquired this domain name purely with commercial negotiations in mind? Surely that’s not legitimate…or is it? In a recent US case[4] the Court found that it was! The Respondent had been using <grumpycat.com> as a bargaining tool in negotiations with the Complainant, Grumpy Cat Limited, in relation to the expansion of its existing IP licence to use the Grumpy Cat name on coffee products. The Court held that, whilst it is bad faith to hold a domain name for ransom where the holder uses it to get money from the owner of a trademark (rather than to sell goods), use as a negotiating tool between business collaborators is not the same thing. As such, there was no evidence of bad faith in this case. Somewhat surprisingly, this decision was made despite the domain name in question being used by the Respondent to redirect to its own website. However, given the unique circumstances of the case, it was held that the redirection was unlikely to cause damage to the Complainant.

So how should my business deal with these situations?

It is clear from these recent cases that, in some instances, what might initially appear to be cybersquatting is in fact legitimate commercial practice. As such, businesses cannot just rely on reactive measures to protect their brands and must think carefully about their approach to domain names from inception. A domain name relating to your company might only cost a nominal sum when you first set up but, leave it unregistered, and you might find yourself faced with a few too many ‘0’s on the price tag when you want it later down the line! When developing your domain name strategy, think about the different gTLDs available for registration that may be relevant to your brand, as well as possible misspellings. Of course, you cannot register absolutely every variation relevant to your business and at some point you may find yourself dealing with a cybersquatter despite the existence of a strong domain name portfolio. However, with the existence of UDRP and other dispute resolution forums, there are lots of ways in which you can retrieve a domain name without having resort to expensive and lengthy litigation.

Taylor Vinters Via can help with your company’s domain name and wider brand protection strategy, as well as assist with dispute resolution if you suspect you have fallen victim to cybersquatting. Speak to us to find out more about how we can help.

In the next instalment, we will consider the worrying new trend of typosquatting in the cryptocurrency exchange market. Why is typosquatting becoming a particular problem for crypto-companies and what can be done?

This article was first published by Asia Law Network and authored by Victoria Armstrong, Senior Associate of Taylor Vinters Via LLC.