We like to assume that the companies we interact with and purchase from are morally sentient enough to respect privacy principles, but unfortunately, this is not always the case.
This is why European authorities have introduced the General Data Protection Regulation (GDPR), which aims to provide extra protection for EU citizens while also ensuring companies are handling customer data responsibly.
However, despite the EU’s good intentions, GDPR is set to actually make protection of customers more difficult – mostly because of the negative impact it will have on WHOIS, the domain name lookup service that is integral to online abuse efforts. In fact, since the GDPR came into force on May 25th, nearly all registrant information in WHOIS has been deleted.
A data blackout
WHOIS in its past form was not compliant with GDPR, as it contained large amounts of personally identifiable data, from full names to home and email addresses. The Internet Corporation for Assigned Names and Numbers (ICANN) implemented a Temporary Specification for the WHOIS to preserve the data, but this same specification allows registrars and registries to redact much of the old registrant data.
This WHOIS blackout is significant in terms of impact to brand protection efforts – a totally unintended consequence of the GDPR. If the impact on brand protection had been understood from the start, European authorities would surely have worked hard to allow WHOIS to remain active. It’s simply counterintuitive to overvalue privacy to the point where it jeopardizes the public interest which is protecting those same citizens.
The problem extends far beyond WHOIS. GDPR will affect any business that collects information about their consumers – which is basically all of them – and achieving compliance requires more than a few simple tweaks to existing systems.
The result is that organizations are getting bogged down in the details of regulatory compliance and forgetting to focus on the fundamentals of brand protection. In an ideal world, businesses should have additional resources that are solely dedicated to GDPR, while existing staff can continue to monitor and manage traditional brand and consumer protection methods.
What can brands do post-GDPR?
Faced with our current scenario, we will no doubt see an evolution in brand protection technology that aims to replace the need for WHOIS. MarkMonitor has expanded its own data technology that will help businesses access the data they need to maintain their brand protection efforts; the likes of which will only become more vital as time goes on.
Secondly, there will be more manual work required to stay protected. Compliance departments and brand enforcement teams will have to trawl through infringing websites to identify the necessary information, which could consequently force businesses to hire more staff.
Finally, brands will have to go to the courts to access any registrar or registrant information, which will lead to increased litigation costs. This is something that all brands should factor into their protections plans.
To learn more and find out how we can help your brand, please get in touch with MarkMonitor today.