May 19, 2020
Viewing Whois data in a post-GDPR world
Viewing Whois data in a post-GDPR world

It has been almost two years since The General Data Protection Regulation 2016/679removed access to a significant proportion of Whois data. Although the implementation of this law goes a long way to protect personal details, there is still the issue that many domain names are registered in order to take advantage of trade mark rights and often, there is no way of obtaining the registrant details. For many, the question remains whether we are any closer to regaining fundamental data lost since 25 May 2018 and what can be done during this interim period in order to circumvent the issue of accessing non-public Whois records.

ICANN 67 discussions:

The Internet Corporation for Assigned Names and Numbers ('ICANN') held a meeting (ICANN 67), which discussed some key developments around data access, particularly surrounding Phase 2 of the Expedited Policy Development on gTLD Registration Data. According to a recent debrief by the Word Trade Mark Review, there are still ongoing discussions around the integration of a Standardised System of Access/Disclosure ('SSAD'), but still no material changes to Whois data access. Some takeaways from ICANN 67:

·         Disclosure requests – there is still an ongoing request for non-public data to be disclosed by registrars at a pre-action stage of enforcement (i.e. before court or administrative action). This means many brand owners starting out the enforcement process will still have to wait until they file an official complaint, before knowing who the true underlying registrant is.

·         Anonymised emails - some guidance was provided in relation to how registrants should be contacted, using an anonymised email address (a mechanism already adopted by many registrars). As a result of the discussions, it is likely that the type of email address will continue to be fully anonymous, rather than pseudonymised, which some argue, would have at least enabled brand owners to have some intelligence to target infringers, who are registering multiple infringing domain names.

Further developments on the above points are likely to come out of the current consultation, which opened for public commentary on 26 March 2020 and will close on 5 May 2020.

Interim measures:

So, what are brand owners to do in the interim? Although access to Whois data is still largely restricted, there are ways in which brand owners can contact registrants and/or obtain wider information. Some suggestions include:

·         Registrar Whois portals - rather than accessing general Whois search engines, it is worth searching for a domain on the relevant registrar's Whois record, which may disclose the full owner information (e.g. GoDaddy, LLC).

·         Anonymised emails (where provided) – as mentioned above, registrars will offer a general email address, or web portal, that will be communicated to the registrant. However, the downside to this feature, is that the owner can choose whether to respond or not and there are often strict character limits, meaning a brand owner cannot submit a lengthy cease and desist notice to the other side.

·         Historic data - although this information gets less reliable as time goes on, it is still possible (via certain domain intelligence providers), to access historic data. If the domain has not changed substantially (e.g. registrar and host information remain the same since before May 2018), then the underlying domain owner is likely to be the same.

·         Reverse IP searching - this search function should be used with caution because not all domain names on a given server will be registered to the same owner. However, in some situations, intelligence (obtained from intelligence providers) will enable brand owners to find other domain names on the same server, which are likely to be connected to the target.

Time will tell whether further access to non-public Whois data will be more accessible for certain parties. For now, full disclosure is only limited to situations such as a) filing a local law enforcement request or b) filing a complaint through an administrative procedure such as the Uniform Domain Name Dispute Resolution Policy ('UDRP').

At Stobbs we have specialists who have a track record for recovering abusive domain names. We continue to find creative solutions for enforcement and help our clients build a wider online brand enforcement strategy.

If you need advice in relation to online brand enforcement, please get in touch with Stobbs at

Online Brand Enforcement /  Trademarks /  Domains /  Anti-Counterfeiting

Found this article interesting today?
Send us your thoughts: