About Intellectual Property IP Training IP Outreach IP for… IP and... IP in... Patent & Technology Information Trademark Information Industrial Design Information Geographical Indication Information Plant Variety Information (UPOV) IP Laws, Treaties & Judgements IP Resources IP Reports Patent Protection Trademark Protection Industrial Design Protection Geographical Indication Protection Plant Variety Protection (UPOV) IP Dispute Resolution IP Office Business Solutions Paying for IP Services Negotiation & Decision-Making Development Cooperation Innovation Support Public-Private Partnerships The Organization Working with WIPO Accountability Patents Trademarks Industrial Designs Geographical Indications Copyright Trade Secrets WIPO Academy Workshops & Seminars World IP Day WIPO Magazine Raising Awareness Case Studies & Success Stories IP News WIPO Awards Business Universities Indigenous Peoples Judiciaries Genetic Resources, Traditional Knowledge and Traditional Cultural Expressions Economics Gender Equality Global Health Climate Change Competition Policy Sustainable Development Goals Enforcement Frontier Technologies Mobile Applications Sports Tourism PATENTSCOPE Patent Analytics International Patent Classification ARDI – Research for Innovation ASPI – Specialized Patent Information Global Brand Database Madrid Monitor Article 6ter Express Database Nice Classification Vienna Classification Global Design Database International Designs Bulletin Hague Express Database Locarno Classification Lisbon Express Database Global Brand Database for GIs PLUTO Plant Variety Database GENIE Database WIPO-Administered Treaties WIPO Lex - IP Laws, Treaties & Judgments WIPO Standards IP Statistics WIPO Pearl (Terminology) WIPO Publications Country IP Profiles WIPO Knowledge Center WIPO Technology Trends Global Innovation Index World Intellectual Property Report PCT – The International Patent System ePCT Budapest – The International Microorganism Deposit System Madrid – The International Trademark System eMadrid Article 6ter (armorial bearings, flags, state emblems) Hague – The International Design System eHague Lisbon – The International System of Appellations of Origin and Geographical Indications eLisbon UPOV PRISMA Mediation Arbitration Expert Determination Domain Name Disputes Centralized Access to Search and Examination (CASE) Digital Access Service (DAS) WIPO Pay Current Account at WIPO WIPO Assemblies Standing Committees Calendar of Meetings WIPO Official Documents Development Agenda Technical Assistance IP Training Institutions COVID-19 Support National IP Strategies Policy & Legislative Advice Cooperation Hub Technology and Innovation Support Centers (TISC) Technology Transfer Inventor Assistance Program WIPO GREEN WIPO's Pat-INFORMED Accessible Books Consortium WIPO for Creators WIPO ALERT Member States Observers Director General Activities by Unit External Offices Job Vacancies Procurement Results & Budget Financial Reporting Oversight

Q&A: domain name WHOIS data and the UDRP

Prior to 2018 and the GDPR, you could go online to a registrar’s public WHOIS database to find out who registered a domain name.

Now, instead of searching the WHOIS database, in most cases you will need to submit a request to the registrar and ask that they disclose the identity and contact information for the domain name registrant.  

You may go to the registrar’s website directly to submit a request, or you may do so through ICANN’s pilot Registration Data Request Service (RDRS) [ ICANN’s press release].

ICANN’s RDRS ticketing system is free to use, and sends your request to the participating registrar. It is then up to the registrar to decide how to handle your request.

ICANN’s Contracted Parties (the domain name registries and registrars) have provided a guide on the minimum information that should be included in your request; this includes:

  1. Full Name, Affiliation [e.g., attorney for brand owner], and Contact Details of the requestor
  2. The domain name in question
  3. A statement (Power of Attorney), from the party you represent, that you represent them and their interests with regard to this request.
  4. A statement that requested data are related to a good-faith belief that you have legally legitimate need for the data, and that it is specifically required to pursue further action.
  5. Case Summary:
    • a. A brief description of the issue the request is attempting to resolve, including sufficient information to make the issue obvious without requiring investigation by the registrar.
    • b. An explanation of the legal basis by which the request is being made. Where possible, a reference to the applicable law [this may be GDPR Art 6(1)(f); you are advised to confirm this for yourself].
    • c. Any relevant documentation for the request.

      For example, a trademark issue would describe how the mark is being infringed under applicable law, and documentation that the mark is owned/represented by the requestor.
  6. A statement that any personal data received through this process will be processed in compliance with applicable data protection law.
  7. A statement that submission of the request is, to the best your knowledge, complete and accurate. [You may be held responsible if this is false.]

In some cases, you may be able to find this information using the ICANN Lookup Tool.

Results will vary, and the publicly-available WHOIS data may provide limited information such as the registrant’s legal (or “organization”) name, its state, and its country.

This will also allow you to identify the registrar for the domain name, in which case you may contact them directly; you can also use the WHOIS lookup link on that registrar’s page if one is available.

Contact information can also sometimes be found on the website of the relevant domain name. There are also a range of services that help you conduct these searches, usually for a fee.

If the information provided by the registrar in response to a request is believed to be inaccurate, a complaint can be submitted using the ICANN WHOIS inaccuracy form.

Yes. It is possible to submit a UDRP complaint on a “John Doe” (or “unknown” registrant) basis.

In some cases, the registrar may not provide you with any WHOIS information, or the information you receive may only show a “privacy service” as the registrant.

ICANN requires registrars to provide registration data to UDRP providers. (Note also e.g., the ECO GDPR Domain Industry Playbook discussion of Articles 6(1)(f) “legitimate purposes” and 6(1)(b) “performance of a contract”.)

In this case, WIPO will ask the registrar to confirm the registrant contact details, and once provided, those can be used to amend your complaint – amendments may include the party names, substantive arguments, or your “mutual jurisdiction” election.

For example, if you discover that the registrant is a repeat cybersquatter you may wish to say this.

Equally, you may wish to withdraw your complaint prior to formal commencement (about 15%-20% of cases settle, in which case you also get a substantial USD $1,000 refund) if you discover that the registrant has a legitimate claim to the domain name – for example their personal name corresponds to the domain name.

Note that even if you choose not to amend your complaint, WIPO will use the registrar-confirmed registrant contact information to notify the case and to provide due process to the registrant.

Panels assess requests to consolidate UDRP cases along the lines articulated in section 4.11 of the WIPO Overview 3.0. This may evolve if panels are made aware of other indicators of common control.

If a case is filed based on a request to consolidate, but that request is denied by the panel, you would have to split the original case into separate cases.

Paragraph 4(j) of the UDRP mandates that “[a]ll decisions under this Policy will be published in full over the Internet, except when an Administrative Panel determines in an exceptional case to redact portions of its decision.” This includes party names.

By registering a domain name, (per the applicable terms and conditions), domain name registrants subject to a UDRP proceeding are bound by this provision.

Publication of party names in UDRP decisions is useful to the overall functioning of the UDRP in that it helps to explain the panel’s findings, supports jurisprudential consistency, facilitates the conduct of other cases as appropriate, and furthermore can be used to illustrate a pattern.

Normally the person asking to redact (exclude) their name from being included in a UDRP decision would submit a request during the case – whether in the formal response or even in a simple email.

If for some reason this is not possible [(e.g., in a case of claimed identity theft where your name was used by someone else to register a domain name)] any request to remove your name from a published UDRP decision, including the reason for your request, should be submitted to arbiter.mail@wipo.int for review.

What are the legitimate purposes for which WIPO uses registrant information in UDRP cases?

The legitimate purposes for which personal data are used by WIPO flows from the administration of cases under the UDRP – this includes, notably:

  • due process: assuring timely and reliable notice of UDRP complaints to domain name registrants (i.e., forwarding the complaint via email, and the Written Notice to all addresses available for the registrant);
  • understanding the “mutual jurisdiction” in a particular case;
  • relaying registrant information which a complainant is required to include in its UDRP complaint;
  • allowing a UDRP complainant to amend, if it chooses, its complaint upon being apprised of the registrant’s contact details;
  • providing the fullest possible record on which appointed panelists decide a UDRP case;
  • publishing a range of statistical information on domain name disputes.

The categories of personal data necessary for the administration of a UDRP cases are: names, postal addresses, email addresses, telephone numbers and fax numbers. (A range of physical and information security protocols cover WIPO.)