In 2018, the European Union enacted the General Data Protection Regulation (GDPR) on data protection and privacy; however, after over two years following the global redaction of most public Whois data in response to the GDPR, ICANN still has yet to deliver a standardized system for access/disclosure (SSAD) to non-public domain name registration (Whois) data.
Tired of not being able to tell who is behind an infringing or counterfeit website? Apparently so is the U.S. Government. Buried deep within the Consolidated Appropriations Act of 2021, which was the longest bill ever passed by Congress (5,593 pages) and is better known for its coronavirus relief, the legislation contained an accompanying document that has caught the eyes of and provides a glimmer of hope for intellectual property owners. Specifically, the document includes a Domain Name Registration section that directs the National Telecommunications and Information Administration (NTIA), through its position within the Governmental Advisory Committee of ICANN, to “work with ICANN to expedite the establishment of a global access model that provides law enforcement, intellectual property rights holders, and third parties with timely access to accurate domain name registration information for legitimate purposes.” It goes on to encourage NTIA “as appropriate” to require Registries and Registrars based in the U.S. to collect and make public accurate domain name registration. While this document and these directives are not mandated by the Act, they do guide the NTIA as to how the money it has been allocated should be spent. Perhaps more importantly, it clearly demonstrates Congress’ expectation that ICANN promptly produce a global Whois access model and suggests it may take matters into its own hands, at least vis-à-vis U.S. Registries and Registrars, if ICANN fails to act.
In addition to trying to finalize the disclosure system, ICANN is also working to finalize recommendations regarding other important Whois issues, such as whether to require distinct treatment of data of natural persons versus that of legal entities (whose data is not subject to GDPR), and whether additional Whois data fields which are currently redacted could be made public given they do not constitute personally identifiable information under the GDPR (i.e., registrant city field).
Given the spike in online shopping due to the COVID pandemic, we can only hope this legislation may be the catalyst ICANN needs to get the SSAD across the finish line to assist retailers, manufacturers, and other IP owners in their fight against online infringers and counterfeiters. Only time will tell.