FEATURE INTELLECTUAL PROPERTY LAW
BY AMANDA MARSTON
Th is article looks at the current state of domain name disputes in light of the recently implemented General Data Protection Regulation.
The General Data Protection Regulation (GDPR) came into force on May 25, 2018. Since then, companies and individuals have been working to determine how it affects domain name disputes. Implementation of the GDPR is consistent with today's privacy concerns and data usage, but it has raised questions, many of which remain unanswered. A common question for intellectual property practitioners is how the GDPR impacts the ability to enforce trademark rights in connection with domain names.
This article describes the GDPR, outlines the Uniform Domain-Name Dispute Resolution Policy (UDRP) and Uniform Rapid Suspension System (URS) processes, dives in to the current state of resolving domain name issues in light of recent changes, and looks at what lies ahead.
GDPR (Regulation (EU) 2016/679) regulates the processing of
personal data. It applies to individuals and businesses that
are not using the data for personal use and that are either
(1) located in the European Union (EU), (2) offering goods
and/or services to persons in the EU, or (3) monitoring the
behavior of persons in the EU
GDPR's goal is to simplify data protection. It requires
those regulated by the GDPR to include privacy policies
written in "clear, straightforward
for violating the GDPR include up to 4% of annual global
revenue or €20 million.
Overview of Domain Name Dispute Resolution
Internet Corporation for Assigned Names and Numbers (ICANN)
is currently the governing body for the domain name system.
Before ICANN, Network Solutions Inc. (NSI), a technology
consulting company, was primarily responsible for handling
top-level domains (TLDs) such as .com,.org, and .net. In
1998, NSI implemented a policy under which it would suspend a
domain name registrant's domain name if a complaining
party produced proof of trademark rights in a mark identical
to that of the domain name. If the domain name registrant
could not prove trademark rights before the complainant's
first demand letter to the registrant, the domain was
1998, the U.S. government announced its plans to hand domain
name management over to the nonprofit agency ICANN. The
U.S. government advised that any dispute resolution adopted
by ICANN should be limited to instances of cybersquatting,
and disputes between parties with "legitimate competing
interests in a particular mark" should be resolved in
ICANN and WHOIS
ICANN was created to provide a variety of services, including managing generic and country code TLD name systems and accrediting registrars all around the world. ICANN also created the WHOIS service. The WHOIS system houses the majority of domain name owners' information, including their names, emails, and addresses. Each registrar maintains control of the information, but it is made available through the WHOIS system. A person is able to conduct a WHOIS search by entering a domain name into one of several WHOIS search engines. Search results include the registrant's name, email, and address, as well as any other pertinent information (including domain name creation and expiration) associated with the domain name.
Although it was possible to hide much of this information through privacy services before implementation of the GDPR, the valuable WHOIS information is used to contact domain name owners, conduct investigations, and file UDRP and URS complaints. Those seeking to file domain name complaints often begin with the WHOIS information to conduct research into the domain name registrant, the purpose in owning the domain name, and any possible legitimate interests by the registrant in the domain name.
UDRP and URS
UDRP is a process established by ICANN for resolving disputes
regarding the registration of Internet domain names. The UDRP
protects businesses from bad faith registrations. In
connection with ICANN's governance over domain names,
ICANN requires all global top-level registrars to adopt the
UDRP as part of all domain name contracts. At implementation
it only applied to then-existing generic TLDs (gTLDs) such as
.com, .net, and .org, but it now applies to a much larger
Under the UDRP, a complainant must satisfy several elements for a panel to find in the complainant's favor and order transfer, cancellation, or changes to the domain name. A complainant must assert the grounds on which the complaint is made, including that
1. the domain name is identical or confusingly similar to a trademark in which...