Crash Course: What Trademark Lawyers Need to Know About GDPR

Crash Course: What Trademark Lawyers Need to Know About GDPR

No doubt you’ve heard a thing or two recently about something called GDPR. After years of discussions and speculation, European Union data regulators finally made the General Data Protection Regulation (GDPR) enforceable as of May 25 of this year. This regulation in EU law is designed to instigate new data privacy rights and protect users online, thereby giving personal data control back to the individuals who use websites or services. But what does that mean for users, brands and the trademark community as a whole?

DataAbuse.Sucks, so make sure you’re on top of the latest privacy laws and regulations to ensure you and your brand don’t get stung.

What Exactly is GDPR?

A boardroom discussion

First things first: let’s unpack the topic at hand. GDPR is a much-needed update to European data privacy laws. It was originally proposed in January 2012 and was approved by parliament in April 2016. This regulation replaces an outdated data protection directive from 1995, when only about 1% of the European population was regularly using the internet.

GDPR is designed to protect “personal data”, an intentionally broad term that encompasses virtually all information about an individual, including name, identification number, location data and data specific to the identity of a person. This regulation is much more far-reaching than in other countries, including the U.S., where personal data is more narrowly defined. For example, in the U.S., IP addresses are not considered personal data because they cannot directly identify an individual. Under the new EU rules, online identifiers such as email, IP addresses, MAC addresses and even health-related data from wearable fitness tech are now protected from privacy and data breaches.

How Does This Impact You?

Companies outside of the EU can still be held accountable under these stringent new laws. If the company operates in the EU, offers services to people in the EU or collects or uses data from EU internet users in any way, these new laws will apply to them. For lower level infractions, the penalty for violating these new rules is a fine of up to 10 million euros, or 2% of their worldwide annual revenue of the prior financial year, whichever is higher. Upper level infractions however carry a fine of up to 20 million euros, or 4% of the company’s annual revenue worldwide.

What Will the Impact Be?

coworkers on their devices

GDPR means it may be harder to find out who owns a particular domain, for one thing. Under GDPR, WHOIS, the free directory of domain owners’ names and contact information provided by ICANN, will be severely restricted. This has implications for law enforcement and cybersecurity, who often rely on these services. For the trademark and IP community, it could be harder to identify cybersquatters who may be sitting on your ideal or pre-existing URL.

The laws are designed to give consumers more control over how their information is collected, shared and used. Depending on how your brand has been collecting and utilizing customer data, the effects of GDPR could range from non-existent to extreme, but brands and the trademark/IP community should see this as an opportunity to provide better services to their audiences.

Transparency will be key, and brands that already acknowledge this as a part of their customer service strategy will be well ahead of the game as data privacy issues get worked out at both governmental and personal levels. Customers are more likely to engage with your brand or service if they trust you and if what you’re offering doesn’t feel intrusive or exploitative. Start treating customers like people, not just data, and the results may surprise you.

The Takeaway

Will GDPR laws in Europe spark change in the U.S.? Most likely. After the Facebook/Cambridge Analytica scandal, data privacy concerns are a high priority in the minds of lawmakers and internet users everywhere. And companies that deal with European citizens in any way are already having to change their policies to adhere to these stricter privacy laws. Get ahead of the game and make sure your users’ data privacy is part of your explicit business statement. It’s no longer just good business sense—it’s the law.

Facebook and CA learned the hard way that SellingOurData.Sucks; grab a custom .SUCKS domain to add your voice to the data privacy debate today.

Photo Credits: Shutterstock / SFIO CRACHO, Shutterstock / zeljkodan, Shutterstock / Rawpixel