The implementation of the General Data Protection Regulation (GDPR), and ICANN’s conservative temporary policy which favors privacy and limits registrar liability, has made domain enforcement against cybersquatters, cyber criminals and infringement more difficult, expensive and slow.
With heightened concerns over privacy following high-profile breaches of consumer data and its subsequent illicit use and distribution, there is no question that consumer data protection practices would come under scrutiny. GDPR is an attempt to address consumer privacy and ICANN’s temporary specification which implements GDPR allows wholesale redaction of registrant contact data for both consumers and those with malicious intent. The unintended result of ICANN’s action is that in most cases little more than the registrant’s country and state or province is now available in WHOIS records.
This has made it easier for individuals and/or entities with less than honorable intentions to operate anonymously. Fulfilment of requests from law enforcement, investigators and intellectual property rights holders with a legitimate need for registrant contact data has been vastly reduced, and in many cases, has resulted in the doors being left wide open for the rampant abuse of domain registration.
Although this landscape might appear bleak at first glance, there are options for intellectual property holders and their legal teams to employ in a post-GDPR domain naming system (DNS). The redaction of the WHOIS records, while frustrating, doesn’t necessarily mean effective brand protection in the DNS is out of reach.
Since the implementation of GDPR, by working with registrars and making requests for our clients, we’ve developed best practices on how to format, transmit and justify registrant contact requests. We’ve discovered that there is a tremendous variety in how each request must be constructed. Each registrar has specific steps, leading to a diverse set of requirements that varies from registrar to registrar and in some cases, situation to situation. And, there are varied results depending upon the registrar and circumstances of the request.
As a result of this work, we’ve developed a set of notices that have assisted our clients in obtaining speedier and more efficient resolution of domain infringement issues. Brandholders can adapt and modify these notices to fit their strategies and goals.
Brands and their customers suffer the effects of fraud and the betrayal of trust when bad actors are allowed to operate with impunity online. To help combat abuses and make digital channels safer for everyone, we’ve decided to make those notices and observations about their application available to brandholders and their legal teams with an accompanying guide to domain enforcement post-GDPR.