The Uniform Domain Name Dispute Resolution Policy, commonly known as the UDRP, was first introduced on October 24, 1999, by the Internet Corporation for Assigned Names and Numbers (ICANN). The UDRP is incorporated by reference into Registration Agreements for all generic top-level domain names (gTLDs) and some country-code top-level domain names (ccTLDs).

The Policy sets out the legal framework for resolving disputes between a domain name registrant and a third party over the registration and use of a specific domain name. Over the last twenty years, the number of registered domain names has dramatically increased, reaching over 354 million registrations this year. The UDRP has become the primary route to resolve domain name disputes.

The World Intellectual Property Organisation (WIPO) is one of the main providers for domain disputes and has processed over 45,000 cases to date. Besides gTLDs, which all fall under the UDRP, WIPO provides domain dispute resolution services for 76 ccTLDs. In total, six accredited providers administer UDRP complaints, the Forum being the second largest provider.

The Evolution of the UDRP

The purpose of the UDRP is to combat cybersquatting, which, according to the US Anticybersquatting Consumer Protection Act (ACPA) is defined as “registering, trafficking in, or using an Internet domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else”.

Since the very first case under the UDRP, World Wrestling Federation Entertainment, Inc. v. Michael Bosman, WIPO Case No. D99-0001, which was decided by Panelist M. Scott Donahey, the UDRP has dealt with many complex issues involving a significant number of domain names. Indeed, WIPO has administered over 45,000 cases involving over 83,000 domain names since the UDRP’s creation. The top 2 industry sectors in terms of Complainant activity are retail, and the banking and finance industry, which respectively amounts to 10.36% and 10.05%.

The UDRP has also seen Complainants and Respondents coming from countries all around the world. Complainants in the United States account for almost 35% of cases filed, followed by France (12.48%) and the United Kingdom (8.10%). However, while domain registrants primarily reside in the United States with over 30% of cases filed, People’s Republic of China is the second-ranked country where registrants are based, amounting to 11.22% of cases filed since 1999.

When filing UDRP cases, Complainants need to rely on UDRP jurisprudence to build their cases. Although Panelists are under no obligation to follow past decisions, case precedents form a significant part of the UDRP, which has helped the Policy to develop over the years. With the high number of decisions decided each year, the growing need to identify consensus in UDRP jurisprudence became even more vital.

WIPO Overviews and the UDRP Jurisprudence

Since the creation of the UDRP, law practitioners have always expressed the need for a document summarising consensus views among the UDRP Panelists. Based on this request, WIPO introduced Version 1.0 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions in 2005. In 2011, WIPO Overview 2.0 launched, which examined 46 issues in UDRP decisions. WIPO Overview 2.0 was in use for six years, and it was only on May 23rd, 2017 that WIPO launched the third version (WIPO Overview 3.0). This version discussed 64 issues with more than 1,000 decisions cited.

Key changes took place between the two versions. Between 2011 and 2017, the emergence of new gTLDs impacted the importance of the domain suffix. TLDs such as “.clothing” or “.tech” for example, now have more weight when assessing bad faith. One of the pioneer cases which discussed this issue is Canyon Bicycles GmbH v. Domains By Proxy, LLC/ Rob van Eck, WIPO Case No. D2014-0206, where the Panel held that “given the advent of multiple new gTLD domain names, panels may determine that it is appropriate to include consideration of the top-level suffix of a domain name for the purpose of the assessment of identity or similarity in a given case, and indeed, there is nothing in the wording of the Policy that would preclude such an approach”.

As a result, the use of new gTLDs, which imply a link to the trademark owner can add to Internet user confusion, and for this reason, is considered under the first element, as well as the third element when assessing bad faith. Internationalised domain names (IDN) are also becoming more popular in recent years, with Internet users registering non-Latin or symbolic domain names. UDRP Panelists have adapted to this change and now consider translations or transliterations of domain names in their deliberations.

Through the years, the UDRP has tackled various issues, but some decisions are cited more than others. The case of Telstra Corporation Limited v. Nuclear Marshmallows, WIPO Case No. D2000-0003 remains the most cited case, with a frequency of 8,088 times. This decision, the fourth case ever decided by a UDRP Panel, tackled the issue of inactive domain names. The decision set out conditions by which the passive holding of a domain name still amounted to bad faith use. Since the decision in Telstra, trademark owners continue to rely on the principles outlined in this case when addressing a domain name that fails to resolve to active content. Though passive holding of a domain name can amount to bad faith use, trademark owners must not forget that they still have the burden to prove registration in bad faith.

The second most popular UDRP decision is, without a doubt, the case of Oki Data Americas, Inc. v. ASD, Inc., WIPO Case No. D20001-0903. Here, the Panelist David H. Bernstein raised the difficult question of whether an authorized sales or service agent of trademarked goods could use the trademark at issue in its domain name. In his decision, the Panel held that specific conditions must be met by the reseller to justify a legitimate interest in using a domain name containing the trademark’s owner brand. Though this decision was published in the early stages of the UDRP in 2001, reseller cases still apply the Oki Data decision when assessing if a reseller can justify a legitimate interest in its domain name. Following this decision, uncertainty arose over whether this case also applied to unauthorized resellers. The decision, Volvo Trademark Holding AB v. Auto Shivuk, WIPO Case No. D2005-0447 clarified this, finding that the Oki Data decision could apply to both authorized and unauthorized resellers.

The two decisions cited above are among the most popular cases used in UDRP disputes, but several more Panel decisions have helped shape UDRP jurisprudence. This includes, among others, the issue of proving common law or unregistered trademark rights, which led to several well-known decisions, such as Uitgerverij Crux v. W. Frederic Isler, WIPO Case No. D2000-0575 (discussing this for the first time), and the case of Israel Harold Asper v. Communication X Inc., WIPO Case No. D2001-0540, which clarified that rights in a personal name are recognized under the UDRP if the name has been used in a commercial manner, which the complaining party, a Canadian businessman and lawyer, had failed to establish.

For trademark owners and legal practitioners, WIPO Overview 3.0 remains the ultimate resource when filing domain disputes. With more than 1,000 cases listed, Panelists always advise trademark owners to use the cases cited in the Overview.

Following the guidelines provided can also help to prevent trademark owners from being found guilty of Reverse Domain Name Hijacking (“RDNH”).

RDNH is when a trademark owner attempts to use the UDRP to deprive a registered domain name holder of a domain name. 2016 saw a record number of RDNH in UDRP cases, with 37 complainants found to have abused the UDRP Policy. This surpassed the previous record with 31 RDNH decisions issued in 2015. Complainants are found guilty of RDNH for various reasons. One reason often found is that the Complainant knew or clearly should have known at the time that it filed the complaint that it could not prove one the essential elements required by the UDRP, perhaps because the domain name was registered many years before it acquired rights in a mark. This has led many Respondent to claim that such cases be barred based on the doctrine of laches.

Doctrine of Laches – Time to Reconsider?

Traditionally, the question of timing was a factor to consider when assessing whether a complaining party had a legitimate right to bring a claim against another entity on the grounds of trademark infringement. Under the US doctrine of laches, a trademark claim is barred if a defendant can show that a prolonged period has passed between the registration of the plaintiff’s trademark and the alleged infringement. That said, when it comes to domain names, the doctrine does not apply. WIPO Overview 3.0, Guideline 4.17 states that:

“Panels have widely recognized that mere delay between the registration of a domain name and the filing of a complaint neither bars a complainant from filing such case, nor from potentially prevailing on the merits.”

Panels noted that the UDRP remedy is injunctive, and the principal concern is to avoid future abuse/damage, and not provide equitable relief. Panels have also recognized that trademark owners cannot reasonably be expected to monitor every instance of potential trademark abuse or to enforce each instance as they arise. For these reasons, Panels have declined to adopt the doctrine of laches or its equivalent in UDRP cases.

Even so, some Panels have taken account of the delay of a Complainant to bring a complaint under the UDRP when making their decision. In the case of Board of Trustees of the University of Arkansas v. FanMail.com, LLC, WIPO Case No. D2009-1139, the doctrine of laches was discussed at great length. Though the decision rejected the use of laches, the Panel held that “the delay and lack of explanation for it strengthen Respondent’s cases for a right or legitimate interest in the Domain Name and negate Complainant’s case that the Domain Name has been used in bad faith. That is so because the unchallenged evidence is that Complainant, by inactivity, encouraged Respondent to continue to use the Domain Name in the way in which Complainant knew it was being used”.

Still, finding for the Respondent based on laches alone is not possible under the UDRP, and Panels would only deny complaints if Complainants have failed to establish the substantive grounds required under the Policy. For example, in the recent case of The Pennsylvania State University v. Mark Lauer/ Keystone Alternatives, NAF Claim FA1847529, July 29, 2019, the Panel denied the complaint as the trademark owner failed to prove that the registrant had no legitimate interest in the domain name, and consequently, did not act in bad faith. The Respondent, in this case, relied on the doctrine of laches and asked for the complaint to be denied on those grounds, but the Panel held that it was unnecessary to decide whether the proceeding would or should have been denied on the ground of laches alone.

Twenty years after the creation of the UDRP, Panels will see more and more cases brought with domain names registered 15 to 20 years ago, and the delay in bringing a complaint by a trademark holder may have more significance to a Respondent than ever before.

Another significant event already having a tremendous effect on the UDRP is the implementation of the new European data protection law in 2018.

GDPR and its effect on the UDRP

Since the new European data protection law (General Data Protection Regulation 2016/679) came into force on May 25th, 2018, the number of UDRP disputes has increased. Indeed, with GDPR coming into effect last year, law practitioners have seen changes in the disclosure of WHOIS details. Before GDPR, the WHOIS Registry was publically accessible, and trademark owners and their representatives could identify a domain name owner before filing a dispute. Now, however, GDPR has made it more difficult to engage with domain registrants. With most information unavailable, it seems that more practitioners now file cases in an attempt to disclose registrant information. Once revealed, Complainants have the opportunity to amend the dispute to reflect the Respondent’s correct details.

Furthermore, GDPR has made UDRP consolidations even more challenging. The UDRP allows trademark owners to include multiple domain names in a single complaint. The limitations placed on WHOIS information prevent trademark owners from identifying additional domain names owned by the same cybersquatter. This is likely to lead to trademark owners needing to file more single complaints, which is more expensive and time-consuming.

The UDRP element most affected by the GDPR is the third circumstance that deals with bad faith. Showing an abusive pattern of conduct has become more complex, and trademark owners have more of a difficult task of finding past cybersquatting activity. The tools previously available to investigators to analyze a registrants’ previous dispute record or portfolio have become less effective with the arrival of GDPR. While an investigator’s job has become more challenging, the UDRP remains one of the most effective tools to combat cybersquatting in the Internet world.

What is next for the UDRP?

A lot has changed since the creation of the UDRP, and with new issues arising, the Policy has evolved to be in line with the fast-pacing change of the Internet. The new generation of TLDs contributed to the rise of UDRP filings, but “.com” domain names still amount to 79% of cases filed. The ccTLD “.co” assigned to Colombia is the most popular ccTLD using the UDRP, with 56 cases filed this year.

Nevertheless, despite the increase in filings, after two decades, some practitioners/groups believe that some essential elements of the UDRP are due for reform. In 2015, ICANN issued a Preliminary Issue Report to review all Rights Protection Mechanisms (RPMs) in all gTLDs followed up by a working group which was established to review and possibly reform RPMs, including the UDRP, which is yet to be reviewed.

In the meantime, the UDRP continues—20 years after its creation—to be the most effective tool to combat cybersquatting, saving time and money to trademark owners.

* * *

On October 21, 2019, WIPO organizes a conference to commemorate this milestone. This event, where over 100 UDRP Panelists will attend, will look back at the UDRP jurisprudence, and look ahead on the future of the UDRP, Internet developments, and other topical items. As one of the top-ranking filers of domain name disputes with WIPO, Safenames’ Legal Department will be attending this event, which will be held at WIPO’s headquarters in Geneva, Switzerland.