It’s 2024. UDRP Complainants must stop making an argument that’s no longer true.
John Berryhill won another UDRP this week. While there’s a lot I could write about his successful defense (pdf) of the domain name transco.com, I want to focus on one of the Complainant’s arguments that bothers me.
Many complainants argue that the registrant’s use of Whois privacy suggests they registered the domain in bad faith. Transco Railway Products Inc. made that argument in this case.
There might have been a time when this argument had some inkling of truth, but that was a long, long time ago.
Ever since the European Union’s GDPR regulation went into effect in 2018, most registrars have added Whois privacy by default.
Yet complainants still say Whois privacy suggests the domain owner is trying to hide their identity because they’re up to no good.
I imagine complainants are just checking a box of all of the possible reasons a domain owner could be found to have registered a domain in bad faith. But throwing a flawed argument into a case should hurt the case.
In the case for transco.com, the panel wisely noted this:
The Panel has considered and found unconvincing the Complainant’s argument that the Respondent’s use of a privacy service when registering the disputed domain name evidences bad faith. The utilization of a privacy service is a standard, if not default, feature of contemporary domain registrations.
This is the first time I’ve seen a panel succinctly make this point; more panels should do so.
I reached out to Berryhill to ask him what he wrote about Whois privacy in the response. He provided this excerpt from his response:
The WHOIS argument is a relic of UDRP days gone by. The last major update to the UDRP Rules was in 2013, in which UDRP Rule 4(b) was expressly amended to what is now the common practice:
“Any updates to the Respondent’s data, such as through the result of a request by a privacy or proxy provider to reveal the underlying customer data, must be made before the two (2) business day period concludes or before the Registrar verifies the information requested and confirms the Lock to the UDRP Provider, whichever occurs first.”
The registrar has complied with UDRP Rule 4(b) and the Respondent has complied with its obligation to provide accurate contact information. The UDRP Rules have been that way for over ten years now, and it is time to retire this silly argument, particularly in view of the fact that many registrars now provide no choice in the matter and automatically apply the ICANN Temporary Specification implementation of GDPR to all domain registrations by default.
Amen.
Mike says
Well Infact when someone used that argument against me, I checked The Complainant’s existing domain and found that they themselves used Privacy on their domain. What’s that word , Hypocrisy.
John Berryhill says
Even better:
Domain Name: wipo.org
Registry Domain ID: cdecf5650cdd4110b207c966aa1c5830-LROR
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://www.networksolutions.com
Updated Date: 2023-07-15T16:02:41Z
Creation Date: 1993-07-16T04:00:00Z
Registry Expiry Date: 2028-07-15T04:00:00Z
Registrar: Network Solutions, LLC
Registrar IANA ID: 2
Registrar Abuse Contact Email: domain.operations@web.com
Registrar Abuse Contact Phone: +1.8777228662
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: International Computing Centre
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Geneva
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: CH
Andrew Allemann says
haha
Fyou says
Your “industry” is only alive because of loopholes such as this one. The real business and trademark owners behind these names are the ones who should inherit these sites, not a bunch of lazy asses abusing the system and waiting for a sale to be made while cybersquatting on someone’s else genuine entrepreneurial efforts and property.
Observer says
Hey Fyou…
Who’s entitled to United.com?…
United Airlines, United Van lines, United Federal Credit Union?
And who’s entitled to SouthWest.com?…See the problem?
Steve GOBIN says
There is a difference between whois records that hide the registrant’s details because of GDPR and whois records where the actual registrant’s data or some of them have been replaced with the registrar’s data or the data of an affiliate of the registrar, which is a whois privacy or whois proxy. If the registrant’s data are hidden because of GDPR, it is indeed no argument for proving a bad faith, but the same cannot be said when the registrant uses a whois privacy or proxy service.
Almost each time a domain name is used for a phishing website, a website that sells counterfeits or or other illegal products or anything of that kind, one can be sure that the domain name is registered with a whois privacy or a whois proxy service.
Drawing the conclusion of the registrant’s bad faith just because such a service is activated on a domain name is not relevant but in some contexts like the above ones, it is indeed an argument that demonstrates the registrant’s bad faith.
Andrew Allemann says
Sure, but many registrars are just using their Whois proxy services as the default for Whois rather than obscuring specific data. GoDaddy does this. The Whois record for domainnamewire shows DomainsByProxy. I haven’t asked for this; GoDaddy does it by default.