The European Union’s General Data Protection Regulation (GDPR), aimed at protecting against privacy and data breaches, went into effect on May 25. The territorial reach of the new regulation is extensive. The GDPR applies to companies processing and storing data of any individual in the European Union (EU), regardless of company location and even where that data is publicly available or voluntarily submitted by the individual.

Among the many implications, the ability of brand owners to enforce their trademarks against domain name squatters and infringers is likely to be affected post-GDPR because the law shields valuable identifying information. Compliance with the GDPR prevents public disclosure of information previously made available in WHOIS records for domain name registrations (i.e., name, physical address, email address and phone numbers). For IP rights holders, the free WHOIS database is a vital tool for enforcing unlawful or bad faith domain name registration and use. It provides parties with the ability to investigate and address infringements, reach out to unauthorized parties directly, and file a complaint to recover or disable an infringing domain name. Without access to WHOIS data, it will not be possible, in many cases, to identify the domain registrant of an offending domain name.