Trademark Enforcement: Determining ‘WHOIS’ behind infringement may have become much more complicated

published in McAfee & Taft tIPsheet | December 3, 2018

As discussed in our November 2018 tIPsheet, Europe’s General Data Protection Regulation (GDPR) is now in effect and has caused businesses in the United States and abroad to contemplate how they are storing and processing data. A recent fight among European authorities and Internet regulators may also cause the GDPR to impact how businesses enforce their trademark rights against online infringers.

An investigation into an online infringer generally includes a search of the WHOIS database. The WHOIS database is an online registrar of domain name information regulated by the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit organization responsible for coordinating and maintaining the WHOIS database worldwide. The information available on the WHOIS database includes the name and contact information of the domain owner, the creation date of the domain, and other technical data. Having this information allows businesses to determine the identity and addresses of potential infringers in order to take action, such as sending cease and desist letters, initiating arbitration proceedings to obtain a disputed domain and, in some cases, initiating litigation. Thus, the WHOIS database is a powerful investigative tool for businesses when dealing with online infringement.

Unfortunately, the GDPR may have created a hindrance on this important tool. Over the past few months, European authorities enforcing the GDPR have disputed the legality of ICANN’s disclosure of personal information through searches on the WHOIS database, causing ICANN to redact and restrict the disclosure of certain information concerning domain name registrants who reside in the EU. Some online registrars have taken this a step further and removed all access to domain-related data, as it may be hard to determine who is an EU citizen and who is not.

So what does this mean? In short, these redactions and limitations to domain name information have resulted in online infringers having an easier time eluding detection and have made it more difficult for trademark owners to take enforcement action against online infringers. Although not all domain name information has been limited on the WHOIS database, more and more data may be restricted as time goes by making investigation of online infringement more time consuming and difficult. However, ICANN is currently working towards a temporary solution that would allow businesses to initiate domain name disputes even if the personal information of a domain name registrant has been redacted or restricted due to privacy concerns. That said, businesses should consult with legal counsel familiar with additional investigative tools to assist them in combating online infringers if and when the WHOIS database comes up short.