Impact of EU's GDRP on Domain Registration

But with the GDPR, that problem could be exacerbated. John McElwaine, a partner at Nelson Mullins in Charleston, SC, says the domain registration process itself hasn't changed, just what you can see afterwards. Currently, he explains, “even if you don't ask for a privacy or proxy registration, there's going to be no ability to see who registered that domain name.”

The result is a Wild West scenario. “It's a registrar by registrar basis in terms of how much information they're allowing for non-EU individuals,” McElwaine adds. “A lot of them don't even want to bother with having to mine their records for that type of data, so they are blocking even people that GDPR doesn't apply to.”

International organizations such as ICANN have long been the stewards of this type of information. It was ICANN that was largely behind the introduction of new top-level domains in 2012. But currently, said Husch Blackwell attorney Caroline Chicoine in St. Louis, MO, ICANN is “waiting to see what they're obligated to do under the law and what not, and if there's ways to allow people to request the information for legitimate reasons, and then deciding what those legitimate reasons might be.”

Those legitimate reasons currently include intellectual property concerns, as well as criminal activity for law enforcement. On May 17, 2018, ICANN adopted a Temporary Specification for gTLD Registration Data, aimed at bringing WHOIS in line with the GDPR and allowing a mechanism by which rights holders can ask for information. But the key word there is “temporary,” as the expedited policy development process will not be finalized until May 2019, one year from the GDPR's implementation.

So what are rights holders left to deal with in the interim? “Right now, if there's a website with infringing content, whether it's pirated movies or music or it's the sale of counterfeit products, there is no easy way,” says McElwaine. “You used to be able to just look it up, and if there was a privacy or proxy, you could write a letter or fill in a form. If it was a responsible service, it would trigger a requirement that the registrant at least respond to you, or else their information was going to be disclosed. Now, that does not happen, although some registrars are setting up a similar form.”

McElwaine says the process now takes extra steps, as IP holders need to try and find other access points into an infringing party like contacting the hosting company or the registrar of domain name and explain why information should be disclosed.

If all else fails, one could file a Uniform Domain-Name Dispute Resolution Policy (UDRP) complaint with ICANN, which McElwaine says have been on the rise since May. Chicoine agrees, saying that proxy services, where registrars placed themselves as a domain owner in WHOIS, have long been an issue for finding out information and now those who want to withhold information have even more ammo to hold out against a request. “We're used to not knowing, but at least in that case, you could file a UDRP against GoDaddy, and they'll say, 'No, it's not us who's the bad guy. Now we'll disclose.' … But even that takes time and money for companies to get that information. We would like to not have to file UDRPs every time to figure out who's behind a domain name,” she says.

And the extra steps add up. “It's not a complicated thing [to write a report to ICANN] and it's not a time-consuming thing, but it does take more than a minute to go into the site and submit a complaint,” Chicoine adds.

While these new rules are being finalized, Chicoine stresses that companies should be collecting data to show to ICANN and other organizations exactly why withholding registration information is an issue. She says to “think of ICANN like the U.S. government,” and to prove any point, “we need the data to back up that this is a problem, that this is not just normal brand policing. If you want policies in ICANN that allow you to have legitimate interest to reveal who it is, we need to show them that right now there is a lack of that, what the consequences of that are, and the problems that it creates.”

McElwaine notes that it's important to point out the uptick in mischief and scams being run with this hidden information as well: “That was trending up already, and now the regulators have ironically given cover for people to steal information.”

*****

Zach Warren is the Editor-in-Chief of Legaltech News, an ALM sibling of Entertainment Law & Finance. He can be reached at [email protected].