As stated previously, the implementation of the European Union (EU) General Data Protection Regulation (GDPR) has created significant issues for brand owners with regard to identifying counterfeiters and combatting infringement online, resulting in increasing enforcement costs. Under the GDPR, domain name registrars are prohibited from publishing the name and contact information for domain name registrants. Personal data may only be processed if the registrant consents, for the performance of a contract, or for a legitimate interest of the data controller or a third party.

As a result, the Internet Corporation for Assigned Names and Numbers (ICANN) launched an Expedited Policy Development Process (EPDP) to develop a permanent policy for registration (WHOIS) data collection, processing, and access. The EPDP team completed its Initial Report in November 2018, and has now reviewed and incorporated public comments into its Final Report. This Final Report has 29 policy recommendations, including which data elements (WHOIS data fields) should be collected and stored by registrars, and which data elements should be publicly displayed or redacted.

Unfortunately, this Final Report includes recommendations that would result in even less access to data. While the GDPR requires redaction of an individual’s personal data, the privacy protection does not apply to organizations. The Final Report recommends allowing registrars to redact all WHOIS data and extending the law to apply to corporate and legal entities.

The Final Report does at least provide more clarification for third parties, such as trademark owners, on how to obtain access to non-public data about domain name registrants. One of the recommendations lists specific criteria for stakeholders making a reasonable request for lawful disclosure of redacted registrant data to registrars and registries and requires registrars to publish the mechanism and process for submitting the requests. If adopted, this guidance and structure will help brand owners understand how to draft information requests that will be approved.

While this Final Report was recommended for ICANN Board approval, there is a public comment period that closes on April 17 for anyone that wants to provide further feedback before the Board takes action.

Now the EPDP team has begun its Phase 2 work, which includes a system for standardized access to non-public registration data. The results of these efforts will be important for intellectual property rights holders, as regaining access to this data will facilitate anti-counterfeiting efforts, trademark enforcement, and other efforts to combat infringement, phishing, fraud, and other online abuse.

Update on Rights Protection Mechanisms Working Group

As previously noted, ICANN created a policy development process (PDP) working group to evaluate rights protection mechanisms (RPMs), including the Uniform Dispute Resolution Policy (UDRP) and Trademark Clearinghouse (TMCH) and associated Trademark Claims notification service. Currently, the PDP is reviewing survey results regarding the associated benefits of Sunrise Period (early) domain name registration and Trademark Claims services. The Sunrise mechanism provides brand owners with priority access to registrations in new gTLDs. The Trademark Claims service warns domain name registrants and trademark owners of possible infringements. Specifically, during the domain name registration process, the applicant receives a notice regarding any trademark registrations matching the applied-for domain, which is intended to deter counterfeiting, cybersquatting, and other infringing activity. Brand owners receive a notice post-registration and can determine if further action is required.  The working group’s preliminary report and recommendations are expected to be available for public comment by the end of October 2019.

Registration Process of New gTLDs

The New gTLD (generic top-level domain) Subsequent Procedures Policy Development Process working group has reviewed all public comments on its Initial Report regarding application requirements, evaluation and objection procedures, registry agreement terms, and delegation and post-delegation matters for future rounds of new gTLDs. The comments have shown support in a number of matters, including making the Applicant Guidebook more user-friendly, providing more practical user processes and searchability, and providing more specific guidance on different TLDs, such as .brand TLDs. There is also support to update the applicant-facing systems to allow bulk management of different applications. These improvements are beneficial to brand owners to ensure fair and efficient processing. Additionally, by ensuring that the registration of these new gTLDs has rules for evaluation and objection mechanisms, there can be greater participation by brand owners in the gTLD expansion. While having new gTLDs could equate to new spaces for online counterfeiting and infringement, this expansion could also facilitate anti-counterfeiting and brand protection by allowing more brand owners to be involved in registering online spaces for legitimate products and services.