Last October 2019, ICANN formalized the end of the WHOIS system in a letter addressed to Registries and Registrars, starting a negotiation process for the incorporation of the Registration Data Access Protocol (RDAP) into the Registration Data Directory Services, amending the Base gTLD Registry Agreement.
The RDAP was originally developed in 2015 by the Internet Engineers Task Force as a possible substitute to the WHOIS system. The RDAP presents significant advantages compared to the WHOIS, such as support for more languages and scripts, higher data security, and finally, compliance with the current privacy legislation. Crucially, the new protocol comes with the ability to provide limited access to authorized subjects with a verified legitimate interest, thus finally providing an answer to the GDPR requirements.
Unfortunately, the registration data provided by RDAP will most likely not include anything more than what currently available under the temporary specification adopted for the WHOIS as a result of the GDPR implementation. The matter of legal persons’ data (e.g. the sole proprietorship issue, other company information and generic emails) is still under discussion and might result in the only relevant difference between the two systems, at least from the perspective of IPR protection.
According to ICANN’s schedule, the full implementation of the RDAP will come into force after a negotiation period followed by public comments and the drafting of the final agreement by ICANN Board, thus effectively terminating WHOIS’s journey by May 2020.
What are blindfolded UDRPs?
The significant weights the GDPR indirectly imposed on the UDRP by de-facto forbidding access to registrants’ data in the WHOIS will still last with the implementation of the RDAP. In the absence of registration data, IPR owners are now resorting to filing “blind folded” UDRPs with WIPO, indicating as a defendant the data set currently provided by the WHOIS (e.g. PRIVACY REDACTED), not differently from cases where the registrants’ data would have been protected via proxy or third parties’ privacy services.
As previously described in our guide “Filing A UDRP In A GDPR Protected Universe”, Trademark owners might also contact domain registrars directly to request (partial) disclosure of the registration data of the subjects infringing on their IP. The disclosure would necessarily require a prior balancing test between the complainant’s legitimate interest in the data and the fundamental right and interest of the data subject in keeping his or her privacy intact.
Costs of the UDRP procedure and possible refunds when the WHOIS is hidden.
Filing a UDRP against a defendant whose privacy is protected under the GDPR can present additional costs for the trademark owner already in the preliminary phase of the dispute. To move a dispute against an unknown registrant would significantly limit the complainant’s ability to assess the absence of the respondent’s right or legitimate interest in respect of the disputed domain name, in accordance to what is mandated by paragraph 4(a) of the UDRP. Such task could be significantly demanding for corporations that do not follow specific guidelines for centralized domains registrations and domains portfolio administration.
For cases where the information provided by an RAA compliant registrar would lead to the withdrawal of the UDRP complaint (e.g., when the registrant would turn out to be the trademark owner’s authorized licensee), WIPO (and no other UDRP Provider) provides the possibility for a refund of a 1.000 USD. The current cost for filing a UDRP before a single-member panel is 1.400 USD (that is the case for transfer requests of 1 to 4 domains), and 4.000 USD for cases requiring the assessment of a three-member panel.
In the absence of registrants’ identifiers, it became increasingly important for major corporations to have a well-established central administration of their domain portofolio. At Thomsen Trampedach, we take pride in providing global industry leaders with the best expertise for the recovery and deletion of domains subjected to cybersquatting or similar illicit activities. For more information on how we can help you protect your IPR in on the Internet please visit: ONLINE BRAND PROTECTION SERVICES
 See https://www.icann.org/rdap
 See also WIPO Center, Informal Q&A concerning the GDPR as it relates to the UDRP, available at http://www.wipo.int/amc/en/domains/gdpr/?utm_source=WIPO+Newsletters&utm…