Stefanie Efstathiou

Stefanie Efstathiou

Today, I am talking to Stefanie Efstathiou. Stefanie is a Greek-German jurist (LL.M. mult.), admitted as an Attorney at Law in Greece and recently qualified in Germany. She is a Foreign Associate in the Arbitration Team of Hogan Lovells in Munich working mainly in the field of international commercial arbitration. Coming from an IP background, she also acts as a Domain Name Arbitrator/Panelist for the Czech Arbitration Court (CAC) and the Canadian International Internet Dispute Resolution Centre (CIIDRC). She is a PhD candidate at the LMU, holds three LL.M. titles and specializes in international and domestic commercial dispute resolution, as well as in Domain Name Arbitration disputes under various rules (UDRP, CIRA, .eu Rules). She is also an ambassador of Arbitrator Intelligence and a member of several arbitral organizations for young practitioners, as well as a member of ArbitralWomen.

Thanks a lot for joining me, Stefanie! We know each other for several years now and whenever I think about domain name disputes your name is the first one to pop into my head. Before we go into all of the details, let’s talk about you and your first steps in the world of Domain Name Arbitration.

Dearest Svenja, first of all, I would like to thank you for inviting me to this interview. It is a pleasure to be here today and talk about a topic that I am very passionate about! I also want to congratulate you on this great initiative and concept that you’ve created, which enhances visibility of colleagues and promotes diversity within the arbitration community.

Regarding my background, I must admit that I didn’t find Domain Name Arbitration, Domain Name Arbitration found me – so to speak. My first years of legal training and practice were mainly focused on the field of intellectual property, especially trademark law. After my studies and legal training in Greece, I decided to move to Germany for professional reasons and the boutique law firm I started working at in Munich was specialised inter alia in Domain Name Arbitration. One of its Partners is one of the most renown domain name lawyers in Germany. This is how I discovered the world of Domain Name Arbitration and dived right into it, since it combined my two preferred legal fields, i.e. trademark law and arbitration.

You hold three LL.M.s. Is one of them connected to Domain Name Arbitration?

My LL.M. studies were not directly connected to Domain Name Arbitration but Arbitration in general. However, one thesis was indeed on this topic with the title “The introduction of an alternative dispute resolution procedure in the German domain name law system”.

Domain Name Arbitration seems to be a very specialised field. Why choose it in the first place?

Compared to other kinds of arbitration, Domain Name Arbitration is indeed a niche, and it has its peculiarities. To me it is a very interesting intersection of IP law and arbitration. It has its own procedural rules and the system behind the domain names itself is a quite complex one. It also gives you an interdisciplinary perspective since it is not only legal but also technical.

How tech-savvy are you and how much specialized knowledge is required to work in this field?

There is a reason why the field is a niche and why “traditional” arbitration lawyers do not get really involved with it. To practice Domain Name Arbitration, one needs to know at least the basics in regard to trademarks and also have specific knowledge on the technical characteristics and requirements of the Domain Name System (DNS).

I might have to admit that I do not know exactly what DNS entails. What is DNS?

The DNS is the hierarchical and decentralised naming system for the underlying internet addresses. In other words, the DNS is the system that is translating the numerical internet addresses to readable addresses (in words and not numbers) and (re)directs you to the given webpage. The DNS has been an essential component of the functionality of the Internet since 1985.

Domain Name Arbitration is indeed a niche, and it has its peculiarities

To get into further details: What is a domain name?

In order to understand what Domain Names are, one has to bear in mind that every computer on the public internet has a unique numeric address, which is a string of numbers – the so called IP address. A domain name is the translation of a given numeric address into a unique alphanumeric address, which is easier to remember. It is also the identification string that identifies a network “location”.

Domain Names are structured in a hierarchical system and comprised of at least two levels, i.e. Top-Level-Domains (TLDs) and Second-Level-Domains (SLDs). The first level, the TLD, is basically the ending of the domain name (after the dot), such as <.com>. The next level, the SLD, is the word(s) before the TLD and is usually used for describing or naming the website.

In light of that, there can be further levels added. The complete path directing to a given website is then called Uniform Resource Locator (URL).

Could you explain this with the example

In the example of the <.com> is the TLD, the words “digital-arbitration” is the SLD.

It is important to note that the <.com> TLD was one of the first TLDs of the DNS, being added in 1985. The others being <.edu>, <.int>, <.org>, <.mil>, <.gov> and <.net>.

And how do I get/own a Domain Name?

With respect to the registration of a domain name it is important to note that everyone can register a domain name, if it is still available for registration regardless of whether it is initially violating any rights (with certain exceptions applied depending on the respective Registry).

Behind every registration there are several technical requirements and processes. However, the right to use a domain name is delegated by domain name Registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN), the organization charged with overseeing the name and number systems of the Internet. In addition to ICANN, each TLD is maintained and serviced technically by an administrative organization – the so called Registry. The Registry is responsible for maintaining the database of domain names registered within the respective TLD it administers. Basically, there are numerous Registrars, that are often also web hosting companies, that provide the service of domain name registration followed by inter alia the hosting and creation of the website.

Consequently, to register a domain name one has to choose a Registrar, see if the domain name is available and buy it to a certain price (on top come the annual renewal fees). Prices vary depending on the TLD, the Registrar, the availability and often the assumed “popularity” of the domain name.

And what exactly is Domain Name Arbitration? Could you describe a typical case?

Due to the unique nature of the domain names, it early became evident that litigation was often not the right means, and that a separate arbitration process is needed. This led to the Uniform Domain Name Dispute Resolution Policy (UDRP), that was adopted by ICANN in 1999. This is a system of compulsory arbitration of disputes over the most prominent TLDs, such as <.com>, <.info> and many more.

The UDRP is a system of dispute resolution that applies only to domain names. A complainant initiates a claim under the UDRP before an accredited institution, e.g. WIPO, Czech Arbitration Court, CIIDRC etc. Usually, the complainant is a trademark owner who claims that the person who registered the domain name, the respondent, had no right to do so, and has acted, as well as is using the domain name in bad faith.

So, any misspellings open the path for an arbitration?

The first element (out of three – further described below) that a complainant needs to prove under the UDRP is that the domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights.

Accordingly, if the complainant holds a nationally or regionally registered trademark or service/common law mark, this is already satisfying prima facie the threshold requirement of having trademark rights for the purposes of standing to file a UDRP claim.

Now, misspellings of the mentioned trademarks (i.e. typosquatting) are often observed and lead to claims against the registrant. A domain name which consists of a common, obvious, or intentional misspelling of a trademark is considered to be confusingly similar to the trademark and satisfies the first element. However, the trademark has still to be sufficiently recognisable.

Due to the unique nature of the domain names, it early became evident that […] a separate arbitration process is needed.

Is a domain name a trademark?

This is certainly a very interesting question. A domain name is not a trademark in the legal sense, per se. However, it can become a brand, if it is not descriptive or generic and has a distinctive character.

Whether domain names as such can be registered as trademarks would depend on the national IP law of the given jurisdiction. In principle, it is possible when the domain name satisfies the given requirements for the registration of a trademark. The European Trademark Office in Alicante, EUIPO, has registered numerous domain names as trademarks.

If I believe that someone is violating my domain name rights, where do I go? Are there specialized institutions for Domain Name Arbitration?

To begin with, I would suggest finding a specialised attorney in the field 😉. But to answer your question, there are indeed specialised institutions or specialised branches in arbitral institutions that provide services of domain name dispute resolution. Claims under the UDRP can be submitted to any dispute-resolution service provider that is accredited by ICANN. Those are only six in the world – the Arab Center for Domain Name Dispute Resolution (ACDR), the Asian Domain Name Dispute Resolution Centre, the CIIDRC, the CAC, WIPO, and the National Arbitration Forum.

What if someone is using the name of my brand as an internet domain? What are my rights?

If the brand is not a registered trademark or a service/common law mark it is not satisfying the mentioned threshold for filing a UDRP claim.

In the context of domain name arbitration, the brand could constitute an unregistered or common law mark. To establish unregistered or common law trademark rights for the purposes of the UDRP, the complainant must show that the mark has become a distinctive identifier which consumers associate with the complainant’s goods and/or services. Relevant evidence for demonstrating such acquired distinctiveness is inter alia i) the duration and nature of use of the mark, ii) the amount of sales under the mark, iii) the nature and extent of advertising using the mark, iv) the degree of actual public, i.e. consumer, industry, media recognition etc.

What are my obligations to prove that someone is violating my rights?

Under the UDRP complainants need to prove three elements. According to para. 4(a) UDRP these elements are the following:

(i) the domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and

(ii) the respondent has no rights or legitimate interests in respect of the domain name; and

(iii) the domain name has been registered and is being used in bad faith.

I assume that in most domain name violations you do not know who is behind the violation, at least at the beginning. How do you get hold of the potential respondent?

It is true that the Registrant’s (contact) details are often not publicly known. The different tools used by domain name lawyers can provide certain information in this regard, but after the GDPR entered into force, this remains only possible for legal entities. Natural persons are now protected under the GDPR.

However, interestingly enough even prior to the stricter data protection rules or even now with respect to the legal entities, there are ways to conceal your identity and contact details by using a privacy or proxy service.

When a UDRP claim is filed, the Registrar of the respective domain name in dispute is notified with the request to either provide or verify the information of the registrant/respondent (even when a privacy or proxy service has been used). Thus, the claim is filed against the unknown registrant or the privacy/proxy service in the beginning and will be amended after receiving the relevant information from the Registrar.

With numbers of cyberattacks and cybercrime rising during and after the pandemic, it is already evident that domain name disputes are also on the rise and will continue that way

Is Domain Name Arbitration cost- and time-efficient?

Domain Name Arbitration is extremely cost- and time-efficient when compared to complex international commercial or investment arbitration proceedings. This is especially due to the fact that the only remedies under the UDRP are two: i) the cancellation of the disputed domain name or ii) the transfer of the disputed domain name to the complainant. Consequently, there are no lengthy submissions or numerous rounds of submissions. Domain Name Arbitration proceedings are being held online, in the sense that the claim is filed to the respective platform of the chosen dispute resolution service provider and there is no hearing taking place. The decision is automatically enforceable via the Registrar of the domain name and there are strict time limits, in order to have a decision (usually) after 2-3 months from filing the claim.

Does GDPR play an important role in Domain Name Arbitration?

As mentioned, it has certainly changed the way of “getting to” the personal information of the respondent. However, as we have seen this does not have a real implication in practice, since the information is then provided by the Registrar.

Nevertheless, there is one point where the GDPR is indeed having practical implications for the UDRP claims. Under the third element the complainant shall prove that the respondent has registered and is using the disputed domain name in bad faith. There are several circumstances that provide evidence of bad faith and one of them is that the respondent has registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that she/he has engaged in a pattern of such conduct. The said pattern of conduct requires proof of respondent’s abusive domain name registrations or proof that the respondent has been previously involved in other UDRP proceedings where bad faith registrations have been established. The first scenario is now practically impossible since the information of natural persons are no longer visible in the Registrar’s or ICANN’s data bases.

But how do you get hold of the one violating your rights when he/she is simply hiding behind GDPR?

This is a legitimate question and a valid concern. The domain name registrant is the person or entity who registers a domain name by entering into a contract with the Registrar. The contract describes the terms and conditions under which the Registrar agrees to register and maintain the requested domain name. After the registration, registrants manage their settings through their Registrar, that sends the updated settings and information then to the Registry. Registrants have certain rights and responsibilities. This includes entering their contact/personal information details when registering the domain name.

Now, after the relevant changes to the applicable data protection regulations in the GDPR-era, the information of a natural person who is a registrant may no longer be publicly available. At the same time Registrars must balance privacy and personal data concerns against legitimate third-party interests, such as in the case of legal disputes.

Consequently, it is evident that when there is legitimate interest the Registrar is obliged to provide the details of the registrant. In the context of domain name law/arbitration, you cannot get hold of the registrant’s information before the filing of a UDRP claim. When filing the claim, the process is as described above with respect to the involvement of the Registrar.

What changes do you expect to see in the future?

With respect to the country code specific top-level domain names (ccTLDs), which are the certified domain names used to identify those of a country or geographical area, my wishful thinking would be that more and more countries would adopt the golden standard of the UDRP. For example, Germany does not have in place an alternative dispute resolution mechanism for the <.de> domain names. Those disputes are resolved in court. Even though it is one of the leading ccTLDs in the world and according to recent statistics the third most popular ccTLD in terms of number of registrations – with <.tk> (Tokelau) being in the first and <.cn> (China) in the second place.

With numbers of cyberattacks and cybercrime rising during and after the pandemic, it is already evident that domain name disputes are also on the rise and will continue that way. Statistics of the last two years prove that. A recent example are the statistics of the HKIAC for 2021, where “A total of 514 matters were submitted to HKIAC in 2021. Of those, 277 were arbitrations, 225 were domain name disputes (..)”. Therefore, a possible outcome of this trend could be the accreditation of more dispute resolution service providers by ICANN, possibly coming from the pool of the already known major arbitral institutions.

Thanks a lot Stefanie. That was really insightful and is a field I am sure many people had no specific knowledge before our interview.

About the Interviewer