Six things you need to know post-GDPR

We all know by now that the enforcement of GDPR has caused complications in the brand protection sphere, the most notable of which being the demise of WHOIS.

With most registrars redacting the registrant data, even if the registrant is not located in the EU or not a natural person, we are essentially facing a WHOIS blackout of registrant information.

In these uncertain times, we’ve answered six questions that help to shine a light on the current situation.

Why are registrars deciding to hide their registrant data?

In late May, the Internet Corporation for Assigned Names and Numbers (ICANN) approved a Temporary Specification for the display of WHOIS data. Registries and registrars are required to follow this specification, which allows registrars and registries to mask all registrant data, regardless of whether the registrant is a resident of the European Economic Area or not.

Apparently some registries and registrars have decided to display some registrant data. Can they do this?

Some registries/registrars, particularly those who sell and provision ccTLDs, are not subject to ICANN’s contracts or policies. Furthermore, some have determined that certain elements in WHOIS, such as registrant email address, may be published without violating GDPR based on local law. Registrars should follow their own legal counsel’s advice on this matter.

How will the changes to WHOIS impact MarkMonitor’s ability to enforce IP rights?

Without registrant information from WHOIS, our ability to perform reverse domain name lookups and anonymous domain name acquisitions will be hindered. We will still be able to do website enforcements, but they will require more effort on the part of analysts to find reliable registrant contact data on infringing websites to enforce. However, other services will remain unaffected.

What efforts are underway to mitigate the impacts of WHOIS on enforcement efforts?

After assessing the impact of GDPR on our services, we’ve devised three solutions to deal with this. Firstly, we are hiring additional brand analysts to assist with the manual effort required to search websites for registrant data. Secondly, we’re deploying technology to help find other data that can be used to determine the identity of the registrant. Finally, we’re engaging with third parties to assist in our efforts to identify IP infringement.

How long will WHOIS remain in this redacted form?

No one knows – at least for several months. A large part of the delay lies in the creation of an accreditation and access model, which would allow relevant parties to view the full WHOIS data that’s shielded from the public.

Members of MarkMonitor’s GRM team are actively participating in advocacy efforts at ICANN, with other corporations, associations and non-profit organizations, to design, develop and implement an access model as soon as possible. However, even once a model is approved, implementation will likely take around nine to twelve months.

What resources can we show our clients who have questions around GDPR and its impact on IP enforcement?

MarkMonitor’s VP of Global Policy, Statton Hammock, recently gave a talk in New York which includes lots of useful information and insights on the topic – you can watch the recording here.