含羞草社区

Delhi High Court recently dealt with issues arising from the widespread appearance on the internet of domain names that are deceptively similar to those of well-known trademarks and brands. The judgments in the connected matters of, among others, and , attacked the systemic way in which customers are defrauded through hoax domains. The court, taking into consideration the dynamic way domains are established and operated, issued directions affecting not only the existing jurisprudence of trademark law, but also causing alarm within the data protection and privacy law ecosystem.

The judgments do away with the longstanding assumption that domain registration is a low-risk activity requiring minimal oversight. The court challenged the default privacy protections that are granted to domain name registrants and the safe harbour protections allowed to domain name registrars (DNR). The court analysed the consequences of removing the automatic privacy protection mechanism and found that the cost of privacy is no more than an additional monetary charge.

Paywalled domain privacy and consent

DNRs currently mask the personal data of registrants in accordance with the EU General Data Protection Regulation. Contractual arrangements between the parties set out the terms and conditions of unmasking personal data. Registrants could decide whether to consent to their data being published in the relevant databases by the DNRs. These judgments require registrants to pay an additional service charge for privacy protection. Without such privacy protection, anyone wanting to know the details of the owner of a particular domain name may now access registrants’ personal data. This shifts the balance of consent, no longer allowing consent to be a function of individuality, but rather one of monetary means.

The court attempted to address this by relying on , to balance privacy against infringement concerns. That judgment dealt with the disclosure of subscriber information of those involved in infringing activity. It did not include a blanket declaration against all current and future users, as did Colgate Palmolive. This expansion by the court of the Neetu Singh decision sits uneasily with the free, specific, informed and unconditional consent provisions of section 6 of the Digital Personal Data Protection Act, 2023.

Safe harbour squeeze chills speech

In making privacy subservient to the protection of corporate giants that own and control well-known trademarks, the court increased the threshold for compliance that intermediaries now have to meet to be protected by safe harbour provisions. DNRs are now barred from promoting alternative domains for names subject to injunctions, failing which they lose their safe harbour protection under section 79 of the Information Technology Act, 2000. The court’s directions equate similarity with infringement, without judicial adjudication and at the decision-making level of the registrar. The onus of determining whether a domain name is similar to another now rests primarily on DNRs. They are expected to work out whether the alternative domain names they recommend create a likelihood of confusion and diversion, and whether they can identify possible infringement.

This onerous responsibility thrust on the DNRs has serious implications for free speech. Domain names are not merely commercial identifiers but also function as conduits of expression, criticism, parody and non-commercial speech. The danger is spelled out in . Delegating such gatekeeping to intermediaries under the threat of stripping safe harbour protection encourages overcompliance and private censorship. Mere similarity at the registration stage may have serious consequences if incorrectly classified. DNRs may decide to be cautious and suspend or deny a domain registration. This effectively cripples free speech and expression in the digital era.

It is clear that the judgments have implications extending beyond the confines of intellectual property law, into the spheres of privacy laws and those protecting and regulating the facilitators of digital interactions. The consequences of Colgate Palmolive and the extent of its impact on the internet as a whole and digital privacy in particular in India remains to be seen.

Arzu Chimni is a managing associate and Natasha Matange is an associate at Obhan Mason