September 30, 2020

Volume X, Number 274

September 29, 2020

Subscribe to Latest Legal News and Analysis

September 28, 2020

Subscribe to Latest Legal News and Analysis

Playing a Game of “Guess Who”: The Domain Name Dispute Process Post-GDPR

Since the European Union’s General Data Protection Regulation (GDPR) went into effect in late May, its impact continues to be felt by cybersecurity researchers, investigators, law enforcement officials and – perhaps less obviously – anyone who relies on the information provided by the Internet Corporation for Assigned Names and Numbers’ (ICANN) WHOIS service. This includes lawyers, like us, who routinely check WHOIS to ascertain the identity of a domain name registrant.

ICANN requires domain name registrars to collect information, such as basic contact information, from domain name registrants. Previously, absent a paid privacy shield service adopted by the registrant, the information collected was made publicly available by the registrar through the WHOIS database. Now, in an effort to avoid liability under the sweeping GDPR, registrars are refraining from publishing this information. Instead, per a temporary specification developed by ICANN, many are providing a randomized email address or web-based contact only, which can be used to contact the registrant anonymously.

The temporary specification also requires each registrar to determine, on a case-by-case basis, whether the party requesting the personal information has a legitimate interest in the information and whether it outweighs the privacy interests of the registrant. It remains to be seen how this balancing test will play out in practice; one wishing to override a registrar’s decision in that respect may need to seek a subpoena or other legal means of obtaining the information.

The qualified good news is that despite these changes, brand owners are still able to file complaints under the Uniform Domain Name Dispute Resolution Policy (UDRP) – albeit with more effort. What was once a single-step process may now require two or three steps: filing an action without including the registrant details, and then amending the complaint to later include that information, once the forum receives that information from the registrar.

One final note: ICANN’s temporary specification expires in May 2019, and it’s likely we’ll see further changes then. But unless drastic changes occur – which we do not anticipate – brand owners should expect to wear their “investigation” hats more often when enforcing rights against cybersquatters!

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.National Law Review, Volume VIII, Number 319


About this Author

Renato Perez, Drinker, trademark lawyer

Renato Pérez advises clients on trademark, copyright and patent matters including brand protection, advertising, and marketing. Prior to joining Drinker Biddle, Renato practiced in a prominent law firm’s regulatory practice group in Washington, D.C., and his regulatory experience includes managing compliance with agencies such as the Federal Communications Commission, the Food and Drug Administration, and the Federal Trade Commission. He has also worked with intellectual property issues regarding video, music and media usage permissions as a multimedia...

(202) 230-5369