Despite legitimate concerns over how the European Union's General Data Protection Regulation (GDPR) will impact domain name disputes, there is good (albeit perhaps obvious) news: Trademark owners will still be able to file complaints under the Uniform Domain Name Dispute Resolution Policy (UDRP).
"Separate from GDPR-related challenges brand owners are likely to face in broader enforcement terms, in principle brand owners’ ability to actually file a UDRP case should not be restricted post GDPR," according to an email from Brian Beckham, head of the Internet Dispute Resolution Section at the WIPO Arbitration and Mediation Center.
Renee Fossen, director of arbitration at the Forum, indicated a similar perspective, writing in an email that a so-called "Temporary Specification" adopted by ICANN on May 17, 2018 (discussed further below) will allow UDRP providers to "to accept complaints... even if the Complainant does not have the contact information for the Respondent."
In other words, the UDRP lives on, even though the GDPR will prevent public disclosure of much information in many whois records for domain name registrations.
Indeed, Beckham notes that "the UDRP has proven to be a flexible dispute resolution mechanism framework adaptable to an evolving DNS [domain name system]."
ICANN's Temporary Specification
But in adopting the Temporary Specification, ICANN has facilitated the UDRP-filing process after the GDPR goes into effect on May 25, 2018.
In particular, the Temporary Specification states that a complaint will not be deemed defective if it fails to contain the name of, and contact information for, the registrant. In such cases, a trademark owner "may file a 'Doe' complaint and the Provider shall provide the relevant contact details of the Registered Name Holder after being presented with a 'Doe' complaint."
As with those complaints against privacy and proxy services (in which trademark owners have long filed UDRP complaints against entities that mask the identities of underlying registrants), "Doe" complaints under the GDPR will "be accepted by a [UDRP] provider for processing and compliance review," Beckham says.
The Temporary Specification also makes clear that a registrar must provide a UDRP provider (such as WIPO or the Forum) with the full registration data for all domain names in a complaint after the UDRP provider notifies the registrar of the complaint.
In addition, Beckham indicates that "UDRP providers have a reasonable and legitimate purpose to relay registrar-provided WHOIS data to filing complainants." So, presumably, trademark owners will learn the identity of (and contact information for) registrants after filing a UDRP complaint.
(The Temporary Specification includes similar language for complaints under the Uniform Rapid Suspension System (URS).)
This framework is helpful for trademark owners, but it's an incredibly awkward process that still imposes significant restrictions and may create extra work under tight deadlines to amend a complaint based on facts that can be learned only after filing.
Plus, it's far from clear how quickly registrars will disclose the requested data to UDRP providers and whether registrants or others will object to the providers disclosing that data to complainants.
In any event, the process created by ICANN's Temporary Specification is indeed temporary, because ICANN must reaffirm it every 90 days, for up to one year. In the meantime, at least, the process for actually filing a UDRP complaint will remain largely unchanged, though I suspect we're about to see a significant spike in the number of complaints filed against "Doe."