In a Q&A on how the European Union’s (EU) General Data Protection Regulation (GDPR) impacts domain name disputes, the World Intellectual Property Organization (WIPO) has reiterated its intent to provide details about domain name registrants to trademark owners after a complaint has been filed under the Uniform Domain Name Dispute Resolution Policy (UDRP).
This written guidance from WIPO confirms my earlier blog post on the same topic, "Despite GDPR, UDRP Survives."
Specifically, WIPO says:
In order to give effect to the UDRP, UDRP providers have a reasonable and legitimate purpose to relay registrar-provided WhoIs data to complainants in pending UDRP proceedings so as to provide an opportunity for complainants to make substantive and/or procedural amendments as appropriate (an accepted practice today concerning privacy/proxy services named as respondents).
In other words, even though a trademark owner may not know the identity of a domain name registrant when the trademark owner files a UDRP complaint, WIPO plans to disclose the registrant's identity to the trademark owner after the complaint has been filed.
WIPO likens this practice to its longstanding procedure of disclosing the identity of so-called "underlying registrants" of domain names otherwise masked by privacy or proxy services. In those cases (which are neither new nor uncommon), WIPO typically "provide[s] any disclosed underlying registrant information to the complainant" after "timely receipt from the registrar (or privacy or proxy service) of information relating to an underlying or beneficial registrant," according to the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition.
Adopting the same practice post-GDPR (now that most identifying information in domain name whois records is often withheld) will certainly be helpful to trademark owners. Although obtaining registrant data before filing a complaint obviously would be much more helpful, obtaining it later will enable trademark owners to amend complaints as necessary to add additional arguments on both substantive (such as bad faith) and procedural (such as consolidation) issues -- new challenges that have arisen thanks to the GDPR.
Of course, WIPO's practice depends on cooperation from registrars, which, under ICANN's so-called Temporary Specification, "MUST provide the UDRP provider with the full Registration Data for each of the specified domain names, upon the UDRP provider notifying the Registrar of the existence of a complaint, or participate in another mechanism to provide the full Registration Data to the Provider as specified by ICANN."
WIPO already anticipates (or, perhaps, has seen) something less than full cooperation from all registrars, stating in its Q&A that it "may look to ICANN for compliance assistance" if a registrar fails to disclose full data on a registrant (or imposes additional burdens) in a UDRP proceeding.