How GDPR Puts Pressure on Domain Name Disputes

In May of 2018, the GDPR or the European Union General Data Protection Regulation was discussing the impact on domain name registration through WHOIS with ICANN. This will impact domain name disputes with the UDRP or the Uniform Domain Name Dispute Resolution Policy. This encompasses the way to reverse WHOIS API and how cyber squatters are pursued by the owners of the domains.


According to the UDRP, a single complaint can include multiple domain names provided they were registered by the same domain name holder. The identification of additional domain names for complaints is challenging because their is no reverse WHOIS service available to the public to locate related domain names but a reverse WHOIS search can be done at This is because multiple aliases are used by cyber squatters when registering domain names. The true identity of the registrant can be hidden with proxy and privacy services.

If a trademark owner uses a public dispute policy to identify a domain name they want to pursue, they do not know the registrant. This makes it almost impossible to locate additional domain names from the same registrant. This decrease the amount of domain names in each complaint. More complaints must be filed to pursue the domain names or pursing additional names must be dropped. The process is less effective, requires additional time and is more expensive. For more details please visit

Bad Faith

The domain name disputes for UDRP complaints require proof the domain names were registered and used in bad faith. This often requires a pattern of conduct. According to the UDRP this requires two abusive domain name registrations. It is smart to research the previous decisions of the UDRP prior to filing a complaint to determine if cases have been lost by the cyber squatter. These cases should be cited in the complaint. This is where a reverse whois API is effective. The search tools will not disappear under the GDPR. The issue is figuring out what to search for is impossible if the identity of the registrant is unknown. This will not make it impossible to prove the bad faith element, but it makes it a lot more of a challenge.

The Rights or Legitimate Interests

Another necessary element of a UDRP complaint is proving the registrant of the domain name did not have legitimate interests or rights regarding the domain name. This is one of the most overlooked and challenging requirements because a negative must be proved by the owner of the trademark. According to the WIPO overview, the burden of proof regarding UDRP proceedings is placed on the party making the complaint. The panels have admitted proving legitimate interests or rights lacking for the respondent often result in the impossibility of proving the negative. The necessary information is often unattainable by the respondent.

The GDPR has made it even harder to prove this element. If the domain name registrant is unknown, it can be impossible to determine if the registrant has been known according to the domain name. This is one way the UDRP enables the registrant to prove they have legitimate interests or rights.