The changes to the European privacy laws, earlier
this year, has brought about a real set of challenges to the enforcement of
trademarks. Much like an Eephus pitch in
baseball[1], the General Data
Protection Regulation (GDPR), first initiated in 2012, has made its slow
journey with passage in May, 2018, causing a real scramble in the IP community. It did so by making the personally
identifiable information on the WHOIS database inaccessible, leaving
trademark owners struggling to figure out how to track down infringers.
GDPR regulates
the privacy and data of individuals in the EU. With the passage of these
regulations, it attempts to ensure that individuals in EU be guaranteed:
- Protection of the individual’s data by requiring that it not be publicly available
- Ease in transferability of their data from one provider to another
- A right of erasure of your information
- Notification in case of breach of their data
If you are a
US based company that:
- Provides goods and services to the citizens of EU, or
- Has a web presence/provides marketing material online targeted to the EU citizen located in EU (e.g. presented in the country’s local language and targeted to the citizen of that country), or
- Accepts local currency. (See Forbes).
How does it
affect trademark owners?
Due to the
regulatory changes under GDPR, data that was crucial in identifying trademark
counterfeiters will no longer be easily accessible due to stricter privacy laws.
The information that identifies all domain name
registrants is stored on the WHOIS database. This database is regulated by ICANN (Internet Corporation for Assigned Names and Numbers).
This database maintains a list of a domain registrant’s name, email, telephone and physical
contact information. ICANN has traditionally entered into contractual agreements with
domain registrars which ensured that such information of the registrants on
their domain be listed and accessible. Therefore, the very purpose and
nature of WHOIS for trademark owners roots from the accessibility to information available in that database. Although it has long been argued that the system is flawed as it had become very
easy for registrants to provide false information, uptil now, this database served
as a first point of contact with a trouble making registrants (source of
malware or counterfeiters, etc). Nonetheless,
it served as a viable course of action to deal with counterfeiters/ infringers. A trademark owner could initiate the enforcement
process by investigating and sending a cease and desist letter to the counterfeiter’s associated email address, for example, found on the WHOIS database.
Now, GDPR has thrown
a real wrench into that by safeguarding the contact information and not having
it be publicly available. So where does one even begin the task of finding the
infringer?
INTA is
spearheading the process in identifying methods with which domain name registrants
can be found (See Toolkit
for IP Professionals). This is a great resource to start with.
In short, it is going to be a long and challenging path for trademark
owners, as many more resources will need to be used in order to obtain the
information of such counterfeiters.
This one is best chalked off as a "to
be continued"....
[1] a slow junk pitch that requires the batter to unexpectedly bring all the force and thus throwing the batter off his/her game
