The European Parliament, the Council of the European Union, and the European Commission have enacted a new data privacy regulation in 2016 entitled the General Data Protection Regulation (GDPR) that will likely be adversely impacting the ability of brand owner to police their marks.  The new regulation is scheduled to take effect on May 25, 2018 and, while the regulation aims to harmonize data privacy laws across Europe, GDPR is poised to have major implications worldwide because it not only applies to organizations located within the European Union but will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location.

How will GDPR impact brand owners and trademark enforcement? With respect to brand owners and trademark enforcement on the Internet, because GDPR deals specifically with data privacy, implementation of GDPR is set to impact access to Whois information, the domain name systems repository for publically available domain name registration information.  As the Internet Corporation for Assigned Names and Numbers (ICANN) determines how to revise its Whois policy to ensure compliance with GDPR one possible initial impact of GDPR is that on May 25, 2018 access to Whois information could be shut off entirely or anonymized to ensure full compliance with GDPR while ICANN and the ICANN community determine an appropriate and workable GDPR compliance model.  Moreover, the post GDPR landscape will almost certainly change a brand owner’s ability to access Whois information and the amount of useful information available.  It would not be surprising to see a significant uptick in counterfeiting, phishing and other fraud perpetrated by exploiting this new weakness and consumers’ trust in brands.

What are the next steps regarding GDPR?  As members of ICANN’s Intellectual Property Constituency group we are actively involved in ICANN’s policy development process and are currently engaging with ICANN in a review of the proposed compliance models.  The ICANN community is scheduled to hold a meeting in March 2018 in San Juan, Puerto Rico where it is expected GDPR will be a heavily debated and discussed topic as this is the last ICANN community meeting prior to GDPR’s May 25, 2018 effective date.