Author: Andrea Cappai

This article first appeared in Bugnion Journal – To view the Journal in full click here

Anyone who was involved in online trademark protection before May 25, 2018 knows only too well that the WHOIS system, albeit flawed by technical and legal inconsistency among the different TLDs, was a vital vital tool for pursuing the difficult goal of protecting IP rights.

The “WHOIS”, a contraction of the English words “Who is”, enables (or, enabled) anyone to identify the owner of a domain, worldwide and 24/7; it granted access to data on millions of domain names to corporate IT departments and law firms (but also to spammers and other “web” bandits).

The effectiveness of the WHOIS system had already been affected by the introduction of WHOIS privacy, a premium service that allows the holder of a domain to mask the contact details and disguise the e-mail address. Yet, the cost of the service and the carelessness of many owners limited its impact somewhat.

In May 2018 the already ailing WHOIS system received the coup de grace with the implementation of the EU General Data Protection Policy; the “GDPR” is the legal framework for personal data protection and privacy for all individuals within the European Union, and applies to any company involved in the movement, processing or storage of personal data of EU citizens, regardless where the company is located.

Indeed, this huge database crammed with the personal data of domain name holders, many of them being EU citizens, was utterly GDRP not-compliant.

In view of the high sanctions and the technical difficulty of establishing whether domain data belongs to an EU citizen or not, many registries have decided to be on the safe side by simply not providing data to WHOIS. What was originally intended to protect the privacy of EU citizens has turned into a terrific gift for cybersquatters and scammers in the rest of the world.

The main stakeholders are now working on a new system of access with accreditation to the data that are today obscured. However, for now brand protection experts must send complaints to the registrar abuse contact or file court actions to get access to WHOIS data, with an increase in the costs of online brand protection.

Relevant developments are expected by the end of 2019.

© BUGNION S.p.A. – May 2019