The GDPR Created a 'Wild West' for Website Domain Registration
ICANN's working on some new rules, but until they're finalized, intellectual property holders and law enforcement have had a tough time getting information on bad actor website owners.
September 26, 2018 at 05:00 AM
5 minute read
The May 2018 implementation of the General Data Protection Regulation (GDPR) was a win for online privacy advocates, particularly with the “right to be forgotten”—the GDPR's declaration that European Union citizens can request to pull their data from online hosting.
But there's one area that some attorneys say the increased privacy has made their lives harder: Internet domain hosting. Since the GDPR's implementation, the “WHOIS” service by which the general public could search registration information—including names and contact info—has been largely in a state of flux. It's now even tougher to find information, attorneys who work with domain registration say, which could concern intellectual property holders who want to go after infringing websites.
|No Easy Information
Missing WHOIS information has always been a problem; there are few enforcement mechanisms to ensure that people who sign up for a website actually disclose correct information. The regulating nonprofit organization ICANN (The Internet Corporation for Assigned Names and Numbers) reported this year that inaccurate WHOIS complaints accounted for more than 60 percent of informal complaints filed with registrars between June 2017 and June 2018.
But with the GDPR, that problem could be exacerbated. John McElwaine, partner at Nelson Mullins, said the domain registration process itself hasn't changed, just what you can see afterwards. Currently, he explained, “even if you don't ask for a privacy or proxy registration, there's going to be no ability to see who registered that domain name.”
The result is a Wild West scenario. “It's a registrar by registrar basis in terms of how much information they're allowing for non-EU individuals,” McElwaine added. “A lot of them don't even want to bother with having to mine their records for that type of data, so they are blocking even people that GDPR doesn't apply to.”
International organizations such as ICANN have long been the stewards of this type of information; it was ICANN that was largely behind the introduction of new top-level domains in 2012. But currently, said Husch Blackwell attorney Caroline Chicoine, ICANN is “waiting to see what they're obligated to do under the law and what not, and if there's ways to allow people to request the information for legitimate reasons, and then deciding what those legitimate reasons might be.”
Those legitimate reasons currently include intellectual property concerns, as well as criminal activity for law enforcement. On May 17, 2018, ICANN adopted a Temporary Specification for gTLD Registration Data, aimed at bringing WHOIS in line with the GDPR and allowing a mechanism by which rights holders can ask for information. But the key word there is “temporary,” as the expedited policy development process will not be finalized until one year from the GDPR's implementation, May 2019.
|Issues for IP Holders
So what are rights holders left to deal with in the interim? “Right now, if there's a website with infringing content, whether it's pirated movies or music or it's the sale of counterfeit products, there is no easy way,” said McElwaine. “You used to be able to just look it up, and if there was a privacy or proxy, you could write a letter or fill in a form. If it was a responsible service, it would trigger a requirement that the registrant at least respond to you, or else their information was going to be disclosed. Now, that does not happen, although some registrars are setting up a similar form.”
McElwaine said the process now takes extra steps, as IP holders need to try and find other access points into an infringing party like contacting the hosting company or the registrar of domain name and explain why information should be disclosed.
If all else fails, one could file a UDPR (Uniform Domain-Name Dispute-Resolution Policy) complaint with ICANN, which McElwaine said have been on the rise since May. Chicione agreed, saying that proxy services, where registrars placed themselves as a domain owner in WHOIS, have long been an issue for finding out information, and now those who want to withhold information have even more ammo to hold out against a request.
“We're used to not knowing, but at least in that case, you could file a UDRP against GoDaddy, and they'll say, 'No, it's not us who's the bad guy. Now we'll disclose.' … But even that takes time and money for companies to get that information. We would like to not have to file UDRPs every time to figure out who's behind a domain name,” she said.
And the extra steps add up. “It takes time to write a report to ICANN. It's not a complicated thing and it's not a time-consuming thing, but it does take more than a minute to go into the site and submit a complaint,” Chicoine added.
While these new rules are being finalized, Chicoine stressed that companies should be collecting data to show to ICANN and other organizations exactly why withholding registration information is an issue. She said to “think of ICANN like the U.S. government,” and to prove any point, “we need the data to back up that this is a problem, that this is not just normal brand policing.”
She added, “If you want policies in ICANN that allow you to have legitimate interest to reveal who it is, we need to show them that right now there is a lack of that, what the consequences of that are, and the problems that it creates.”
McElwaine noted that it's important to point out the uptick in mischief and scams being run with this hidden information as well: “That was trending up already, and now the regulators have ironically given cover for people to steal information.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250