10 Tips for Online Brand Enforcement and Policing Post GDPR
You’ve just learned someone registered a domain nearly identical to yours, or is using your brand online to sell similar products or offer related services. What do you do? A few months ago, you probably would’ve checked who owns the domain by examining the WHOIS information, extracted the relevant contact information, and reached out to the registrant, and/or taken steps to get the domain taken down or transferred. But as of May 25, 2018, it’s going to take a little more work to pin down the owner.
WHOIS can be a great tool—letting you check whether it’s an errant domain registered by your employees or partners, a fan page, a professional domainer/cybersquatter or something more sinister, like a bad faith actor, someone distributing malware or hosting a phishing site. Of course, the WHOIS model was never perfect and too often brand owners would hit a dead end because a domain is privacy protected. But with the implementation of the European Union’s General Data Protection Regulation (GDPR), aimed at standardizing privacy laws, domain privacy protection is now the norm, even for those outside the EU.
Registrars complying with the GDPR have significantly limited publicly available registrant contact information. The identifying data, including a registrant’s name, physical address and phone number, among other details, are redacted, unless a domain owner consents to publication of that information. The folks in charge (ICANN) have a temporary solution in place (called “the Temporary Specification”) which enables brand owners to provide an anonymized email address or web form that masks the identity of the contact, among other changes. That said, the Temporary Specification is truly temporary, since it expires next year, and is merely a Band-Aid fix, with those in the industry questioning the model’s efficacy.
But brand owners looking to quickly enforce their rights still have an arsenal of tools available at their fingertips. Here are 10 tips for protecting your brand in the new landscape:
Remember that registrant information has not been redacted worldwide, so always start by checking the WHOIS to see if there are any details available.
Search social networking sites for relevant profiles, email addresses or phone numbers—worst case, use the social networking sites’ messaging platform to reach out to the domain owner.
Check historical WHOIS data—for now at least, pre-May 25 domain ownership information may still be valid and helpful.
Use shared IP addresses connected to the domain you’re looking into to find other related domains and the corresponding registrant information.
Look at website metadata to uncover contact information.
Ask domain registrars for contact information (you’ll need to explain why this information is going to help you protect your brand).
ICANN-accredited registrars are required to provide a point of contact for reporting abuse—look for this information on the registrars’ homepage and let them know what’s going on.
File Uniform Domain Name Dispute Resolution Policy (UDRP) or Uniform Rapid Suspension System (URS) complaints against an unknown defendant and have the registry/registrar send registrant contact information to the UDRP/URS provider directly.
As a last resort, consider filing suit—you can file a complaint against an unknown defendant and use the discovery process to obtain the registrant contact information.
If all else fails, or you’re looking for help with a domain problem, don’t forget that there are plenty of firms and vendors routinely handling issues like these. Fenwick & West can help guide you through domain disputes, or assist with developing and implementing a strategy to protect your rights in the ever evolving online landscape.