Hi Milton,

 

The penultimate sentence in your note below is unhelpful, factually incorrect, and inconsistent with guidance we’ve been given repeatedly not to attribute motive to others’ positions. That said, we welcome substantive discussion on our proposal and invite you to engage in that manner going forward.

 

Since the free speech example would not be trademark infringement, the requestor could not cite that basis to request data for a domain like this. Remember that in this use case we’re requiring that the requestor allege infringement, and fraud or misrepresentation can result in deaccreditation. The additional noteworthy safeguards we mention below are tied to this representation: that the requestor has a good-faith belief that the domain name is infringing. Do you think additional safeguards are required? If so, why? Which ones would you suggest?

 

As a final point on your note below, it seems like you think the legal standard for disclosure is proof of infringement. That’s not the case. GDPR allows processing for the “establishment, exercise or defence of legal claims” (emphasis here on establishment, as opposed to proof). Processing for the establishment of legal claims is explicitly allowed above the data subject’s right to erasure, right to restriction of processing, and right to object.

 

Again, we welcome constructive suggestions as to what additional safeguards you think might be needed to ensure the data is requested for the establishment of a legal claim. Thank you.

 

 

 

 

Brian there are many holes in this call for automation.

The most obvious being that the presence of an exact string match of a trademark is not by itself an infringement of a trademark.

There are many cases of free expression use of a string, such as “don’t-buy-nike.TLD”

There are accidental string matches or generic uses. There are uses in different industries that are not confusingly similar.

Your mention of the so-called “noteworthy safeguards” is laughably irrelevant, as it basically presumes that the requestor’s interest in disclosure is proof of infringement.  

While MarkMonitor’s business interest in automatic searching, requesting and intimidation of domain name registrants via demand letters is clear, I do not think that our policies need to be built around those business interests. If you believe a domain is infringing, file a UDRP.

 

Dr. Milton L Mueller

School of Public Policy

Georgia Institute of Technology

 

 

 

 

Hello EPDP Team,

 

Please find below our first proposal for automated disclosure.

 

Trademark Infringement in Domain Name

 

Requestor Safeguards

1. Accreditation Authority determines that the trademark is valid.
2. Accreditation Authority determines that Requestor is the legal owner, agent, or service provider of the trademark.

 

Request Safeguards

1. Requestor alleges that the domain name infringes Requestor’s trademark.
2. Requestor states its own legal basis and purpose for processing the data. Requestor makes a syntactically correct and complete request, including any/all required Authorization Assertions. Requestor makes all representations required by policy: use will be limited to stated purpose, data retention, etc.
3. Domain string contains exact match of trademark string (potentially including prefix or suffix, e.g. “nike-shoes.TLD” or “cheap-nike.TLD”).

 

Additional Noteworthy Safeguards

1. Registrant committed not to infringe the rights of third parties in its registration agreement, as required by the RA and RAA.
2. Registrant was informed at the time that its data was collected that it could be processed for third-party purposes, including intellectual property protection.

 

In these cases, disclosure can be automated.

 

 

Brian J. King  
Director of Internet Policy and Industry Affairs

 

T +1 443 761 3726
markmonitor.com

 

MarkMonitor
Protecting companies and consumers in a digital world