In May 25, 2018, the European General Data Protection Regulations (GDPR) will enter into force and replace the European Data Protection Directive 95/46/EC that currently harmonizes data privacy laws. There is a growing concern among consumers to protect their privacy. With the constant evolution of technology and the increase in the quantity of data collected, the 1995 Directive had to be updated in order to stay relevant. One of such changes concerns WHOIS databases. Indeed, the GDPR provides new standards concerning the way WHOISes work.
The WHOIS database contains registrants’ names and contact details. Currently, ICANN is looking to replace the WHOIS system with the Registration Directory Service (RDS). Such a change will lead to different approaches regarding data storage and publication. On the one hand, judicial authorities and intellectual property practitioners wish better access to data in order to act against cybercrimes. However, on the other hand, privacy and data protection groups would rather obtain more restrictions on access and storage of data to protect the privacy of web users.
The GDPR will set the standards regarding those issues by imposing obligations upon businesses, registrars and registries. There is concern that the standards within the next generation gTLD Registration Directory Service and in the GDPR will not be compatible. Indeed, if a registrar or a registry complies with the new standards prescribed by ICANN, they might be in breach of the GDPR. WHOISes operated by registrars and registries will probably have to be handled differently, but should they follow the new provisions established by ICANN or by the GDPR? Both provide for sanctions in the event of a breach of their standards. The ones provided by the GDPR appear to be higher fines than the sanctions set by ICANN. Some registrars and registries have concluded that a breach of the next generation gTLD RDS is preferable than a breach of the GDPR.
ICANN discussed the matter at the Johannesburg meeting where it decided to create an ad hoc group to determine how WHOIS are used. The aim is to collect what they call “user stories” to assess the degree of compliance with the GDPR.
Hopefully, a solution will have been found by May 2018. Otherwise registrars and registries will have trouble complying with both the GDPR and the RDS. Dreyfus has been specialized for years in the field of domain names. Regarding this subject, we can provide legal advice on the best way to uncover the identity of domain name registrants.
Registration directly to the CIIPO: it is official; there is no prior need to register an English or European trademark in order to obtain trademark rights in the Cayman Islands. The CIIPO (Cayman Islands Intellectual Property Office) is now authorized to receive registration requests for trademarks directly.
Opposition period: it is provided by paragraph 16 of the Trade Marks Law 2016. It takes effect at the date of publication of acceptance of the application, and lasts for 60 days. Previously, a trademark in the Cayman Islands was an extension of an English or European trademark, and there was no such opposition period.
Absence of revocation for non-use: the new law still has not introduced the possibility for revocation of a trademark because of non-use (§44 of the Trade Marks Law 2016).
Temporal Applicability of the Law
For this purpose, the Trade Marks (Transitional provisions) Regulations 2017 was published on July 18, 2017. It clarifies the consequences of the new regulation on existing trademarks, pending proceedings, current infringements, assignments and transmission of registered trademarks, and licensing.
Starting August 01, 2017, existing trademarks will be transferred to the new registrar until their renewal date and they will be subjected to the new law. If the trademark is expired or pending for non-payment of annual fees, it will not be automatically transferred to the new registrar. In these instances, trademark owners will have to file for a new trademark application under the new law. Finally, pending disputes concerning a trademark registered under the old law as well as infringement cases also registered before the implementation of the new act will still be subjected to the old law.
Since the creation of the UDRP procedure at the end of 1999, law practitioners have expressed their desire for a memorandum summarizing the consensuses among UDRP decisions. The main argument was based around the classical concept of legal certainty. The World Intellectual Property Organization was receptive and has started publishing official Overviews. The third issue was announced on May 23, 2017 (version 3.0), replacing the previous one published in 2011(version 2.0). During the past 6 years, more than 17000 UDRP decisions have been rendered. In the new Overview more than 1000 decisions have been examined against 380 previously, and more than 265 panels have been quoted as opposed to 180 in the previous edition. In total, the WIPO provides solutions to about 64 issues, as opposed to 2011 when only 46 issues had been examined. Hence, needless to say that there have been some significant changes that are worth examining.
1/ The consequences of the multiplication of TLDs
Indeed, many gTLDs have been created with the launch of the new gTLDs project by ICANN. The first cycle of applications opened in January 2012. After examination, the new gTLDs were allowed on the market in October 2013. A second wave of applications is announced around 2020.
To date, these new gTLDs were neglected in the appreciation of the 3 criteria which compose a UDRP complaint. It now appears they would be of importance concerning proof of rights or legitimate interests as well as registration and use in bad faith.
According to the Overview 3.0, they would become relevant when the TLDs are “descriptive of or relate to goods or services (…), a geographical region, or other term associated with the complainant”. In this event, the choice of TLD would allow parties to argue in their favour.
The same observations are relevant for IDNs (International Domain Name) which have recently been the subject of great developments. Thanks to them, a registrant can now register a domain name that includes non latin letters or symbols. Many countries have taken the opportunity to register the extension of their country, as Qatar did for example. Panels are now taking these translated domain names into account while rendering decisions in UDRP proceedings.
2/ What evidence is relevant?
A second issue, which had remained unsolved by the Overview 2.0 to date,, was dealt with in the new version. Indeed, paragraph 4(c) of the UDRP principles lays down3 scenarios susceptible of allowing a respondent to demonstrate his rights and legitimate interests in the use of a domain name. However, there is no indication as to the type of evidence that panels would consider sufficient in order to demonstrate such scenarios. As of now, the Overview 3.0 sets recommendations to parties and has also annexed a selection of relevant UDRP decisions (WIPO Overview 3.0, para.2.5).
Thus, the OMPI lists 3 main factors that are the “nature of the domain name” the “circumstances beyond the domain name itself” and “commercial activity”. All elements are both defined and illustrated for educational purposes.
Concerning the second factor, it is said that panels look “at thedomain name and any additional terms appended to it (…), panels assess whether the overall facts and circumstances of the case support a claimed fair use”. Relevant circumstances would be, for example, looking at whether the respondent has a tendency to register domain names including trademarks, or whether internet users would be misled into believing that the website belongs to the complainant, or yet again whether the domain name is used in relation to bona fide activities.
3/ Enforcement of UDRP decisions
A third issue concerns procedure. It is the first time that the WIPO raises the question of the enforcement of UDRP decisions. The Overview 3.0 reminds us that the WIPO’s involvement ends with the notification of the decision to parties and to the registrar, the latter being subject to a contractual obligation with ICANN to execute the decision. The registrar can be held liable.
In this way, if a complainant is faced with difficulties ensuring enforcement of its decision, they can now contact ICANN. A procedure exists to ensure compliance with the decision.
4/ The relationship between the URS and UDRP procedures
The URS procedure was created to handle disputes concerning new gTLDs. As the UDRP procedure can also be used to settle such disputes it is possible for a complainant to use both procedures in order to try and achieve their purpose. The complainant may hesitate as to which procedure should be used. The WIPO specifies that a complainant can file a UDRP complaint after a URS complaint, and even while a URS complaint is ongoing, but, it is not possible to open a URS complaint if a UDRP procedure is ongoing. The reason for this is that the standard of proof differs in both procedures. In URS procedures, the complainant must demonstrate the facts by “clear and convincing evidence”, while panels do a “balance” in UDRP procedures (WIPO, D2016-1172, SRAM, LLC v. Li Qing).
5/ WIPO recommendations and reminders
Finally, WIPO warns that the Overview is destined to parties and is not mandatory for panels to follow. Panels are free to decide regarding the facts of the case in a way they deem fair. Parties themselves cannot simply copy the content of the Overview without adding any elements to their complaint.
In conclusion, the new version published by WIPO is helpful to practitioners by shedding new light on the procedures. This procedure is still complex. The drafting of a UDRP complaint requires the assistance of a specialized attorney. Dreyfus & associés has been specialized in this field for years, and will be able to provide you the advice and assistance needed each step of the procedure, which has gotten more complicated over the years.
Dreyfus & associés was honoured to welcome Jean-Gabriel Ganascia on June, 15th 2017, Professor at Université Pierre-et-Marie-Curie specialized in artificial intelligence and chairman of the CNRS Ethics Committee, in order to present his latest book « The Myth of Singularity – Should we fear artificial intelligence ? » published by Editions du Seuil.
In his book, Jean-Gabriel Ganascia focuses on artificial intelligence online. In his conclusions, he explains that the use of robots for tasks requiring the subjective appreciation of a human being would not be a perfect guarantee of efficiency. Indeed, according to him, the involvement of a human being will always be necessary. Some tasks could never be performed exclusively by artificial intelligence. For example, regarding moderation of discriminatory speech and incitement to online hatred, how could a robot make the difference between serious and ironic remarks ? Mr. Ganascia’s demonstration fits perfectly into his justification of a « Myth of Singularity », which implies that artificial intelligence is not a danger to humans and will never replace them.
Jean-Gabriel Ganascia described his work during the presentation of Respect Zone (http://www.respectzone.org), an association that he supports and that actively promotes respectful behaviour on the Internet. Indeed, the social concerns dealt with by this association answer to scientific questions related to artificial intelligence.
Dreyfus & Associés, well aware of the issues raised by NICTs, has proudly adopted the Respect Zone label. Respect Zone fights cyber-violence, harassment, racism, antisemitism, sexism, homophobia, glorification of terrorism and stigma surrounding the handicapped. It offers an ethical label, free of charge, accessible to all those who believe in respect on the Internet and who wish to adhere to Respect Zone’s ethical charter.
This procedure constitutes an efficient solution to fight abusive registration and malicious use of domain names that infringe trademark rights. Furthermore, it is expeditious and guarantees the effective execution of a domain name transfer or cancelation.
To this day, 17 000 domain name disputes have been resolved by the UDRP procedure and its related procedures.
The mandatory recourse to administrative proceedings
The requirements for the UDRP procedure are as follows:
The domain name is identical or similar and likely to cause confusion with a registered trademark of goods or services over which the plaintiff has rights
No right nor legitimate interest is attached to the domain name
The domain name is registered and used in bad faith
Administrative proceedings are compulsory in the context of a contractual relationship between the reserving party of the domain name, the registration office and ICANN ; however it does not preclude the possibility of appeal on the merits before a court of competent jurisdiction.
An appeal on merits is not excluded
Legal proceedings may be brought simultaneously, prior to or following administrative proceedings.
The UDRP procedure may be combined with legal proceedings. Res judicata only applies to judicial proceedings.
The absence of res judicata
A UDRP decision does not acquire the effect of res judicata, as confirmed by a judgement of the Cour d’appel of Paris, of November 8, 2016 whhich opposed the Swedish company Team Ranger AB and the Maltese company Stone Age Ltd to Mr. X, a business man in Yemen.
The present case concerned Team Ranger AB, a company specialised in the design of goods and services in the mobile technology sector. . The company owns a community trademark named Moobitalk, registered on February 10, 2011 in classes 9,12 and 38 which covers telecommunications.
On April 17, 2011, Mr. X, who operates a whole range of services named Moobichat and Moobitalk located in the Near East and the Middle east, registered the moobitalk.com domain name. Communications costs being particularly steep in this area, the services proposed by Mr. X enabled users to exchange at attractive rates.
Team Ranger filed a UDRP complaint with the WIPO to order the transfer of the domain name which infringed its trademark rights. On July 29, 2013, WIPO ordered the transfer of the domain name in favour of the plaintiffs.
On April 14, 2014, Team Ranger AB relinquished its right over Moobitalk to the company Stone age Ltd.
On August 27, 2013, Mr. X brought an action before the Tribunal de Grande Instance of Paris to obtain recovery of the domain name moobitalk.com arguing that he is the legitimate holder.
In first instance, the judges admitted trademark infringement.
The Cour d’appel reversed the decision considering that trademark law is governed by the principles of specialty and territoriality, which extend to the Internet. As a consequence, considering the target audience in the Near and Middle East and the extension “.com” which refers to a commercial activity without any geographical meaning, the territoriality principle is applicable. Since one of the trademarks is protected in the European Union while the other is protected in the Near and Middle East, both trademarks may coexist as they do not target the same market. This is all the more applicable since Mr. X has a legitimate interest in owning this domain name on account of the communication costs in the area, and since he demonstrated his good faith during the UDRP proceedings against him.
Accordingly, both trademarks show no sign of any risk of collusion and the judges therefore ruled in favour of Mr. X by ordering the restitution of the domain name to its original owner.
From this case it is noteworthy that the judges are always susceptible of challenging a UDRP decision. This decision is in line with Miss France and “pneuonline.com” precedents. The Miss France judgement, delivered by the Cour d’appel on June 17, 2004, held that the UDRP procedure is similar to arbitral proceedings but does not acquire the effect of res judicata. Moreover, in the “pneuonline.com” judgement, delivered on January 31, 2008, the Cour d’appel of Lyon held that the distinctiveness of a previously registered trademark prohibits registration of subsequent domain names replicating this trademark and operating in the same field. This ruling was delivered in spite of the WIPO expert decision which denied the transfer on grounds of non-distinctiveness of the earlier trademark.
Nathalie Dreyfus has been listed in the latest edition of Who’s Who Legal France 2017. She has been named amongst 30 other trademarks specialists. WWL says: “Nathalie Dreyfus is a recognised trademarks expert with considerable experience advising clients on cross-border matters. As a registered French and European trademark attorney, she is ideally placed to offer clients a comprehensive service.” WWL also highlights the firm, emphasizing the firm’s awards and the expertise of its team.
Dreyfus thanks Who’s Who Legal for having recommend us. It encourages us to keep providing work of quality.
Dot brands are on a roll (2017 – continuation of blog article n° 76 – New extensions: all set for “.brand”?)
Domain names: status of the <.brand> in 2017
In June 2011, the ICANN launched the new gTLDs program in order to boost innovation and competition. This is how we uncovered new gTLD applications in October 2013.
Surprisingly, many <.brand> applications were submitted (cf. https://dreyfus.fr/en/marques/new-extensions-all-set-for-brand/). Companies using registered brands were consequently able to apply for their own top level domain name extensions, at the same root level as the <.com>.
The top level domain name registration process is far more complex than domain name registration insofar as it is compulsory to become a registry operator to achieve the former. It is a time-consuming and expensive process and no one can, at the present time, submit an application anymore. A new round is scheduled for 2020. In order to become a certified registry operator, the ICANN would need to conduct an operational and technical assessment on an application basis. The applicant would submit its infrastructures (servers and networks) for examination in order to inspect its viability and security. In addition, the applicant would have to pay application fees of 185,000 US dollars, followed by an annual payment of 25 000 US dollars per “extension” to the ICANN. Once the assessment process is complete, the applicant would obtain the pre-delegation and sign a registry agreement (Registry Agreement) with the ICANN in order to guarantee compliance with its operating guidelines. Should the applicant not possess the technical skills, he may contact a service provider who would have to pass the operational and technical tests.
In January 2017, there were 551 <.brand> “extensions” in total. However 2016 proved to be the <.brand> year: 46% of delegated top level domain names were <.brand> “extensions”.
New gTLDs (generic Top Level Domains), and in this instance the <.brand>, are becoming increasingly widespread for a number of reasons.
First of all, the <.brand> extension implies not only better visibility on the Internet but also increased security insofar as this type of domain may only be registered by brand owners.
These top level domains enable the likelihood of confusion to be averted when the brand appears in the domain or sub-domain name. Indeed, in order to acquire a top level domain delegation, evidence of earlier rights over the brand must be provided to the ICANN. It therefore represents an effective means to reduce cybercriminality such as phishing. In that respect, one could easily speculate that websurfers will be more suspicious of domain names that have other “extensions” once they will have gotten used to the matching <.brand>. This security is an essential spur to some brands, particularly to banks as they are frequent victims of phishing. For this reason, as depicted by studies done by Alexa Internet, an American company specializing in data analysis, two of the most popular “extensions” are respectively owned by Banco Bradesco, a brasilian bank, and BNP Paribas.Barclays also recently registered the <.barclays> “extension”.
Secondly, the launch of the new gTLDs program has triggered the creation of entities such as The dot brand Observatory, whose activity is to assist brands in creating their own <.brand> extension.
Brand strategies on the Internet, in fact, have become an unavoidable issue for professionals but success is never guaranteed. By the end of 2015, The dot brand Observatory was created to assist companies in their top level and second-level domain name strategy. This research program entails a full analysis of brands registered as top level or second level domains which takes into account their environment, brand naming strategy and marketing approach. The observatory immediately noticed a rapid increase in <.brand> top level domains.
Finally, the growth of top level domains allows for better brand outreach on the Internet and facilitates access because the <.brand> extension is better referenced, in most cases leading to enhanced brand visibility. In addition, companies can provide exclusive access to their clients, employees and prospective clients, or make a single website accessible to the three user groups.
It is worth noting that nowadays many brands use the extension <.brand> for their own different purposes. According to the Dot Brand Observatory’s statistics, most brands use the <.brand> extension for their main website. However some prefer to dedicate the <.brand> extension exclusively to consumers, or only internally. Some companies use a <.brand> extension to fulfill both purposes such as <.bnpparibas>, the only company so far that has destined its’ <.brand> to its’ clients and its’ intranet users.
A new <.label> extension category has been developed around the <.brand> use. An example : the <.eco>.
The <.eco> extension was launched on February 1st, 2017, with the purpose of enabling domain name registrants who wish to use this extension to showcase their activity’s ecological awareness to consumers. The <.eco> is open to everyone willing to commit themselves to the ecological cause, whether it is an association or a company, so long as they demonstrate that it is in accordance with their actions. The project is supported by leading international organisations in ecology such as World Wildlife Fund, Greenpeace and the UNEP (United Nations Environment Programme) which have laid down strict requirements for eligibility to a <.eco> registration.
This project is shaping the future of domain names by developing <.label> extensions which are meant to guarantee genuine quality of the registrant to the public.
However, the downside of this system lies in the fact that it is possible for domain names to be reserved without yet having been activated, and while waiting for the registrant to undergo the post-registration check.
The Cour de Cassation upheld the appeal court’s decision (CA Paris, Pole 5, ch. 1, March 31, 2015), thereby confirming that the word mark “vente-privee.com” has acquired a distinctive character through use (Com. Dec. 6, 2016, n°15-19048).
On September 5, 2012, the company “Showroomprive.com” sued “Vente-privee.com” for cancellation of a trademark and fraudulent filing. The Tribunal de Grande Instance of Paris, granted “Showroomprive.com”’s application given that the word mark “vente-privee.com” did not have a distinctive character, and therefore declared the mark invalid (TGI Paris 3rd c. , 1st section, Nov. 28, 2013). However, the defendant company appealed and the Cour d’Appel reversed the judgment of first instance, considering that “vente-privee.com” had acquired a distinctive character through use of the trademark.
Showroomprive.com challenged this decision before the Cour de Cassation on the basis of Article L.711-2 of the French Intellectual Property Code (IPC), which makes it possible to pronounce the invalidity of a trademark if it does not have a distinctive character. The company maintains that, while the Article provides for the possibility to acquire distinctiveness by use of the trademark, this possibility is to be interpreted in the light of Article 3§3 of the EU Directive 2008/95/EC on trademarks and the decision of the European Union Court of Justice (ECJ, June 19, 2014, Oberbank AG, Banco Santander SA, Santander Consumer Bank AG c/ Deutscher Sparkassen-und Giroverband eV, C-217/ 13 and C-218/ 13). Indeed on the one hand, Article 3§3 of the Directive also provides for this possibility, but also allows liberty for Member States to choose the time for assessing the acquisition of the distinctive character through use: that is, before or after registration. On the other hand, the jugdment of the ECJ specifies that, if one does not use the option to assess the acquisition of the distinctive character through use subsequent to the registration, said distinctive character should be assessed if it was acquired before the application date for registration of that trademark. “Showroomprive.com” thus considers that since Article L711-2 of the IPC does not expressly provide for this option , the trademark “vente-privee.com” must be declared invalid since it had acquired a distinctive character by use only after registration.
However, the Court considers that by providing for the possibility of acquiring the distinctive character such as to constitute a trademark through use, Article L.711-2 of the IPC made good use of the option left to the Member States by the Directive. Moreover, the Cour de Cassation emphasizes the identified elements showing the acquisition, before the invalidity claim, of the distinctive character of “venteprivee.com” through its use, in particular of the media publications and a poll listing it as one of the favourite French brands.
Thus the Cour de Cassation dismissed the appeal, thus confirming the possibility of acquiring a distinctive character such as to constitute a trademark through use even after the registration date.
The fashion and design industry is gradually turning to new technologies. Designers use more and more innovative techniques in their products. What are the legal means that should be implemented to protect and defend immaterial capital, widely present in this sector?
The development of interactive clothing
In recent years, many ready-made clothing brands have used advanced technologies in their products or fashion shows such as 3D printing, augmented reality or even virtual reality. Thus, there is a strong development in smart clothing, also known as e-textiles.
For instance, the collaboration between Google and Levi Strauss on project Jacquard, a jacket made of a touch sensitive fabric used for interaction with one’s smartphone, without having to remove it. Reebok, the famous shoe and sportswear manufacturer, also designed an innovative shoe model, This pair of running shoes includes a 3D printed sole that focuses on performance and energy return.
Legal status of the innovation
These 2.0 clothes raise issues such as their protection and defence and the contractual framework of such designs. First of all, the legal status of these innovations should be identified. A technical approach is required because the connected device does not have a technical definition. Smart clothing might be, for example, brought together with medical devices defined in and intended for the following purposes: “1° For diagnosis, prevention, monitoring, treatment or alleviation of a disease; […]3° For study, replacement or modification of the anatomy or a physiological process”. Thus, sports clothing that regulates body temperature or decreases tension are covered by this definition.
Contractual framework for innovation
The author of the innovative work should then be identified. Thus, in case a textile is created by 3D printing, the person who created it may be designated as its author, as well as the person who created the 3D file. outlines the differences between works of collaboration, composite works and collective works. Thus, the different actors involved in the creation of e-textiles must agree on the scope of their respective rights.
Furthermore, prior to the disclosure of the innovation or the execution of the project, the parties involved must sign agreements governing the confidentiality of information exchanged. Parties may further consider using partnership agreements to enhance coorperation and define the obligations of each party. Such was the case, for instance, for the collaboration between Google and Levi Strauss.
Finally, fashion designers who use innovative technology must properly define the scope of their rights over the product designs so as not to overlook their protection.
Registrars and registries play an important role in operating domain names. Even though they do not register domain names maliciously and with intent to cause prejudice to a trademark, they nevertheless are not required to review registration applications before reserving the names. This explains the common cybersquatting practices. Although they have a prima facie neutral status as technical service providers, they are in fact at the very heart of cybercrime cases.
Registrars made aware of consumer protection
“The courts held that a registrar has to carry out its mandate in accordance with its accreditation agreement with the ICANN and its liability is thus limited to the framework of the agreement” (Marques et Internet, Nathalie Dreyfus). Following this logic, in a cybersquatting case for instance, the registrar approves the domain name registration and derives financial benefits from the registration even though the trademark owner’s prior rights are being prejudiced.
Its status as technical service provider implies that there is no general statutory requirement to monitor content or search for circumstances revealing unlawful acts and doings (Article 6, I, § 7 of the Law no. 2004-575 dated June 21, 2004 for a Digital Republic). By contrast, “a presumption of knowledge of the disputed facts weighs on the technical service provider as soon as information containing factual and legal grounds has been notified to them” (Marques et Internet, Nathalie Dreyfus). Indeed, when the technical service provider is informed of infringement (by letter of formal notice in compliance with the strictformality required by Article 6, I, 5 of the Law for a Digital Republic), they are legally bound to act promptly in order to deactivate the contentious domain name, failing which they may be held liable because they are presumed to have been aware of the facts in dispute.
In spite of the absence of statutory requirements and even though no notification had been made, the Tribunal de Grande Instance de Paris, in a 2006 judgement, jointly sentenced the registrant and the registrar in a cybersquatting case. Without contemplating the latter’s liability with respect to its’ client, the court found the registrar guilty of aiding and abetting with respect to unlawful activities being carried out by the registrant. Not only was the registrar ordered to suspend the disputed domain names but it was also instructed to pay for irrecoverable expenses and damages granted to the company for which the registrant was responsible, in solidum (Tribunal de Grande Instance, Paris, April 10, 2006, Sté Rue du Commerce v. Sté Brainfire Group et Sté Moniker Online Service In.). In this case, the registrant was owner of the domain names “rueducommerc.com” and “rueducommrece.com” in order to redirect web surfers who made a typo when performing a search for similar worded websites (typosquatting). However, this example is just a mere exception to the registrars’ discretionarily acknowledged liability.
Generally, registrars cannot be held liable even though some legal practitioners advocate for minimum of liability.
At all events, things are evolving and some diligent registrars have joined forces as a top level domains conformity and verification consortium : The Verified Top Level Domains Consortium. This Consortium’s mandate focuses on protecting the online consumer. Indeed, in order to build web surfers’ trust by using websites that are likely to collect personal data, including sensitive data, this Consortium ensures that the domain names are being used for honest and non-fraudulent purposes.
This Consortium was created in May 2016 by eight registrars which managed the registration of 15 vTLDs (verified TLDs) of various sectors such as pharmacy <.PHARMACY> on behalf of the national pharmacists association, or finance <.BANK>. The registrars providing domain name verification services may join the Consortium provided that they obtain consent of the founding members.
This Consortium of registrars has the responsibility to ensure that the registrant complies with various conditions alreadylaid down by them before registering a domain name. In the case of <.PHARMACY>, the activity bearing this top level domain shall imperatively demonstrate a legitimate interest. This implies that the consumer will not be misled by the domain name extension. Furthermore, verifications will be carried out in the long term so that registrants may keep their domain names only if they comply with these requirements.
On account of the regulation performed by this entity and its’ will to work towards more regulation and security, it is possible to hope for changes in the registrars’ legal framework as the neutrality privilege cannot be combined with a regulatory duty.
The WHOIS operated by registries showed flaws despite the willingness of registrars to ensure increased security
The increase in the number of domain names is a direct consequence of Internet democratisation. In that sense, the Internet offers more visibility for companies and even allows some individuals in bad faith to register domain names for resale at a high price to other individuals or entities who, in turn, have a legitimate interest.
When ICANN was created in 1998, the Clinton administration ordered the implementation of a highly accurate WHOIS database. The purpose was to index all registrants and to be able to contact them. Today, registries are responsible for operating the WHOIS database and its extensions.
Despite the publication, in December 2016, of a report (report of the WHOIS Accuracy Reporting System) pointing to this database performance, resolutions are yet to be passed to fill the gaps. This report has addressed the operational capacity of the WHOIS over 12 000 registered domain names with 664 different registrars. This sample comprised the old and new gTLDs only and excluded the ccTLDs (national domain names).
The study consists of two stages. Firstly, the formats of the e-mail address and phone number are verified. Then a test e-mail is sent to check if it is effectively delivered to the address specified in the WHOIS. In 97% of the cases, at least one of the details were valid with respect to its format and the test message is successfully delivered. North America has the most accurate information, whereas Africa conveys the most insufficient WHOIS information. The report, however, does include a weakness as no follow-ups are performed, and effective receipt of the message by the registrant is not mentioned. The test message only reports the existence of a valid address; as a consequence, receipt of the test message on a junk e-mail address, despite the validity of the address format, does not appear in the remaining 3% having specified inaccurate informations according to the report. Even if the specified WHOIS e-mail address is a junk e-mail address, as long as the address format is valid, the registrant’s address will be included in the 97% of domain name registrants who specified accurate details. In that context, in spite of erroneous information, this situation contributes to reinforcing WHOIS operativeness and accuracy.
Consequently, the real major challenge is to be able to effectively contact the registrant. However, even though the WHOIS does contain information, oftentimes the addresses lead nowhere because sauid information is inaccurate. Accordingly, the WHOIS is not as effective as seemingly stated by the report.
While domain names are growing in importance, information security and transparency are not always a priority for the main actors. Developments in the legal framework would thus be welcome.
Our site uses cookies to offer you the best service and to produce statistics, and measure the website's audience. You can change your preferences at any time by clicking on the "Customise my choices" section.
When browsing the Website, Internet users leave digital traces. This information is collected by a connection indicator called "cookie".
Dreyfus uses cookies for statistical analysis purposes to offer you the best experience on its Website.
In compliance with the applicable regulations and with your prior consent, Dreyfus may collect information relating to your terminal or the networks from which you access the Website.
The cookies associated with our Website are intended to store only information relating to your navigation on the Website. This information can be directly read or modified during your subsequent visits and searches on the Website.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Dreyfus is concerned about protecting your privacy and the Personal Data ("Data"; "Personal Data") it collects and processes for you.
Hence, Dreyfus complies every day with the European Union legislation regarding Data protection and particularly the European General Data Protection Regulation Number 2016/679 of 27 April 2016 (GDPR).
This Privacy Policy is aimed at informing you clearly and comprehensively about how Dreyfus, as Data Controller, collects and uses your Personal Data. In addition, the purpose of this Policy is to inform you about the means at your disposal to control this use and exercise your rights related to the said processing, collection and use of your Personal Data.
This Privacy Policy describes how Dreyfus collects and processes your Personal Data. The collection happens when you visit our Website, when you exchange with Dreyfus by e-mail or post, when exercising our Intellectual Property Attorney and representative roles, when we interact with our clients and fellow practitioners, or on any other occasion when you provide your Personal Data to Dreyfus, in particular when you register for our professional events.
Written by Dreyfus07/09/2017 
In May 25, 2018, the European General Data Protection Regulations (GDPR) will enter into force and replace the European Data Protection Directive 95/46/EC that currently harmonizes data privacy laws. There is a growing concern among consumers to protect their privacy. With the constant evolution of technology and the increase in the quantity of data collected, the 1995 Directive had to be updated in order to stay relevant. One of such changes concerns WHOIS databases. Indeed, the GDPR provides new standards concerning the way WHOISes work.
