Since the adoption of the European Union’s General Data Protection Regulation (GDPR), many IP rights holders have feared that the enforceability of their intellectual property rights (e.g., trademark and copyright) would become markedly more complicated and that the public ICANN WHOIS database would “go dark.” Now that the GDPR is in effect, significant changes have been made to WHOIS, and the ability to identify and take action against registrants of infringing domain names has become more complicated. This article will focus on the various options now available to IP rights holders for enforcing their rights.
On May 17, 2018, ICANN adopted a Temporary Specification that significantly limited the availability of contact information for domain name registrants on the public WHOIS database. The changes were made to comply with the GDPR, which went into effect on May 25, 2018. Previous versions of the WHOIS database provided fast and free access to the names and contact information of domain owners, making it easy to contact potential infringers. The exception was where the registrant had utilized a proxy (a/k/a privacy) service, such as GoDaddy’s Domains By Proxy, to hold the registration.
Under the Temporary Specification, the available information is limited to the registrar’s corporate name, country and state location, and an anonymized email address or web contact form. This has serious implications for IP rights holders who have come to rely on the WHOIS database as a one-stop shop for identifying and contacting potentially infringing domain registrants. Without access to detailed contact information on WHOIS, IP rights holders will have to utilize a patchwork of other available resources to identify domain registrants. Moreover, at present, it appears that many of the domain name records on ICANN’s WHOIS do not even list an anonymized email address or web contact form.
The most useful workarounds are summarized below, but IP rights holders and professionals should be prepared for increased time and cost to identify and contact domain name registrants.
File a UDRP Dispute Against the Registrant
The UDRP arbitration dispute resolution mechanism will continue to function under the Temporary Specification, with the exception that, when registrant data is anonymized on WHOIS, the UDRP complaint notification will be forwarded by the registrar to the underlying email of the domain owner. In theory, the procedure should then operate in the same manner as it did before the Temporary Specification but, as discussed above, there is no way to ensure that the complaint was received unless and until a response is received. If no response is received, the UDRP provider (e.g., WIPO, NAF) will presumably follow its standard default procedures.
A little-used second arbitration mechanism, the Uniform Rapid Suspension (URS), can also be used under the Temporary Specification.
IP rights holders and professionals have come to rely on WHOIS for critical contact information about infringers. ICANN’s response to the GDPR has made policing infringing domain names more complicated, but a number of options remain for investigation, identification, and enforcement of IP rights. Although commonly used tools are changing, IP rights remain enforceable under the new WHOIS.
For more information, contact the Gray Plant Mooty Intellectual Property, Technology & Privacy team.
Gray Plant Mooty is recognized as one of the leading corporate law firms in Minnesota and one of the top franchise firms in the world. Our roots go back to 1866. Today, we are a full-service firm with nearly 180 attorneys and offices in Minneapolis and St. Cloud, Minnesota; Washington, D.C.; and Fargo, North Dakota.