WHOIS, the domain lookup service, has gone into black-out......
Historically, anyone searching for a domain could use this free database to reveal the person or company behind a domain registration, including their name and address.
This information was useful from a due diligence perspective in corporate transactions, providing some comfort that the domains you were buying were in the name of the correct seller.
Perhaps even more importantly however, the WHOIS database was crucial for trade mark owners and their legal representatives to help reveal the identity and contact details of cybersquatters. As well as this it was helpful in tackling other IP infringements online.
However after May 25th 2018, when the GDPR was officially introduced, personal data was no longer available on WHOIS searches.
ICANN't deal with GDPR!
In truth, this change has been on the cards for some time already; for years now there have been question marks raised about whether disclosing personal data via WHOIS searches was compliant with data protection laws, particularly in the EU.
Until recently, ICANN (the US based organisation responsible for coordinating the maintenance of all domain names) had resisted any changes to its contractual provisions which required the collection of a domain name registrant's personal details.
However, the GDPR brought with it new sets of rules and stiffer sanctions for non-compliance. In the lead up to May 25th, European registrars feared that the current ICANN rules would force them to be in breach of the GDPR. This led many European domain registrars to take matters into their own hands in relation to the collection of information from those registering domains.
ICANN tried to come up with a workable GDPR-compliant solution prior to the 25 May deadline while facing increasing pressure and open revolt, but this was not achieved. As a result, ICANN were forced to issue temporary amendments to their rules resulting in a blackout of the WHOIS database. Meaning that currently, only very basic information is available, e.g. date of registration and registrar details.
ICANN is fighting back but to little avail
The changes have not been welcomed by ICANN. They recently fought a court case in Germany after they attempted to enforce the terms of their contractual agreement with a domain name registrar, EPAG Domain Services, who refused to collect a registrant's personal data.
ICANN were unsuccessful as the Regional Court of Bonn ruled that they had failed to show that the collection of the contact information was necessary, as required by the GDPR.
ICANN is currently appealing the decision as they seek clarity on how to maintain a global WHOIS system and still remain compliant with legal requirements under the GDPR.
How does this impact Trade Mark owners?
All is not lost for rights holders seeking to identify the source of IP infringements online.
Some registrars are now introducing data disclosure forms that an aggrieved rights holder can fill in to request the identity of a domain registrant in certain situations. For .CO.UK domains, rights owners are able to request access to data via Nominet's data disclosure policy by completing this form, which requires you to explain your legitimate interest in this data. Nominet gives as examples of a legitimate interest: a trade mark holder wanting to identify the registrant to include them in a Dispute Resolution service complaint; solicitors acting for a party trying to enforce their IP rights; or a law enforcement agency requesting the data on a domain name.
However, what is clear is that life will be more difficult for rights holders going forward. Inevitably this new landscape will involve more time, effort and be more expensive when seeking access to registrant information, which up to now has been freely and readily available. As a consequence it may encourage more instances of cybersquatting and IP infringement as the perpetrators hide behind the veil of confidentiality and avoid detection. Here sits the uneasy balance between the right to privacy and the right to enforce your intellectual property.
These changes could also see a more litigious industry. Without contact information, parties may decide to place less reliance on initial pre-action letters and instead take more direct action via formal domain complaints or pursuing court action.
What can you do?
This issue is likely to develop in the next 12 months and will be hotly debated for some time yet. Freeths IP & Media team are monitoring the situation closely and have submitted comments in a recent Nominet consultation on the issue supporting the need to protect rights holders.
But as the online world evolves, so does technology and the tools we have at our disposal to protect brands. For trade mark owners, it emphasises the need to have effective watching and brand enforcement services in place to tackle infringements and prevent brand dilution.
Originally published 1st August 2018
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.