Is anyone else struggling to remember a time before the GDPR? It’s only been a few weeks since the regulation came into effect, but there have already been plenty of developments in the brand protection field – so much so that it’s hard to imagine a pre-GDPR era.
Before the GDPR officially came into effect, the majority of conversations in the domain name industry centered around the display of registrant information within WHOIS – how much would be publicly available, and how much of an impact would this have on brand protection efforts.
Unfortunately, while there has not been a total WHOIS blackout, our predictions regarding the absence of vital registrant data have largely come true. Only a tiny percentage of information is now available to the public, and this has had a considerable effect on brand protection professionals.
Challenges around requesting data
Technically, any party that has an interest in looking at shielded registrant information via WHOIS, like MarkMonitor, is able to request access provided it’s for a ‘legitimate purposes’. But there’s an inherent flaw here: domain registries and registrars are free to interpret what is or isn’t a legitimate purpose as they wish. While one might gladly pass over the information a party requests, the other might flat out refuse to budge.
This is why the discourse is now focused on a proper, centralized, accreditation and access model. The lack of definition around who is entitled to what information has been incredibly frustrating for brand protection experts and agencies – and we’re only just over a month into the post-GDPR era. With a universal access model, requirements for access will be consistent and so all requesting parties will know where they stand, and legitimate brand protection efforts will be much easier to carry out.
The good news is that work is underway to create and implement a unified accreditation and access model. At a meeting in Panama City last month, ICANN presented its own ‘unified access model’ for consideration, and while it forms a decent foundation, it was fairly skeletal with no real meat on the bones.
Working toward a solution
At MarkMonitor, we’ve spent the last few months working with other companies, organizations, privacy counsel and cybersecurity agencies on a version of the model, and it’s something we’re keen to integrate into ICANN’s framework to create something more concrete and satisfactory for all parties. But this will require close collaboration with ICANN itself, which could prove to be a lengthy process.
And herein lies the bad news, which is that it will be a considerable period of time before we finally see a uniform accreditation and access model in place. There will undoubtedly be various rounds of feedback, amendments and approvals before we’re left with something that is solid enough to work with. However, this model has the potential to make brand protection exponentially more efficient than it currently is, and so it’s something worth waiting for – and working for.
The current brand protection landscape is treacherous to say the least, with the instant repercussions of GDPR making consumer protection more difficult. But it looks like there are brighter days ahead – all that’s required is patience, a willingness to collaborate, and perseverance.