GDPR Aftermath: The Effect of the EU’s Data Protection Regulation on UDRP and Related Proceedings

On May 25, 2018, the General Data Protection Regulation (GDPR) took full effect across the countries of the European Union, with unknown (and highly anticipated) effects on UDRP and related proceedings. In the days leading up to May 25, 2018, many trademark owners prepared and filed UDRP complaints for most, if not all, troublesome domain names of which they were aware. For many trademark owners, this spike of enforcement activity was undertaken because of the significant doubt and fear as to whether new UDRP proceedings could be successfully initiated after May 25, 2018, when access to WHOIS information would be limited by Registrars.

Two months into the implementation of the GDPR, we thought it might be an appropriate time to provide comment on our experiences in the UDRP enforcement arena. At this point in the GDPR life span, we have filed eight UDRP and CDRP (CentralNic Dispute Resolution Policy—a somewhat lesser known specialized version of the UDRP) complaints on behalf of clients with The Forum (formerly known as The National Arbitration Forum). Of these eight proceedings, two have seen the issuance of orders transferring ownership of the contested domain names to our client(s), and six are pending decision. These complaints have included registrants with publicly available WHOIS information, registrants using privacy protection services, and registrants whose information had been entirely shielded by their Registrar. For registrants whose information had been entirely shielded, we simply listed the registrant as [Registrant] in the complaint. This method of naming the equivalent of a [John/Jane Doe] has been acceptable to The Forum and the corresponding Registrars.

Despite loudly voiced and justifiable concerns on exactly how the GDRP implementation would limit access to WHOIS information and, in turn, how that implementation would create barriers to complying with the UDRP’s requirements, we have not yet encountered any significant issues beyond the minor setback of having to file an amended complaint after WHOIS information is provided by the Registrar. In our experience so far, for each of the complaints filed after May 25, 2018, the WHOIS information has indeed been provided by the Registrar to The Forum and passed on to us for amending the Complaint.

Another minor obstacle has been the lack of information regarding the registrant’s country of residence at the time of the filing of the original complaint. This missing/hidden information makes it more difficult to draft an argument on the language of the proceedings, if the Registrar’s agreement is in a language other than English.

In summary, two months into the implementation of the GDPR requirements, and at least for the time being, UDRP complaints and UDRP proceedings continue to be an effective way to deal with the never-ending supply of nefarious “trademark-entrepreneurs” who are in the business of incorporating the brands of trademark owners into their domain names for malicious purposes.

The word on the street from the below-identified practitioners at Lewis Roca Rothgerber Christie LLP is that the additional obstacles, infused into the UDRP process by the GDPR, are annoying but manageable.