Case shows the limits of cybersquatting dispute policy.
Capital One (NYSE: COF) has lost a cybersquatting dispute it filed against someone who registered a domain name after a massive data breach was disclosed this summer.
The company filed the dispute under the Uniform Domain Name Dispute Resolution Policy (UDRP) against CapitalOneDataBreach(.)com, a domain that was registered on July 30. That’s about two weeks after the breach hit the news. Capital One filed the dispute one week later, on August 6.
At the time, the registrant of the domain hadn’t started using the domain name yet.
The domain registrant, a Georgia man, said that he registered the domain with no specific intention to monetize the Disputed Domain Name. He saw the media reports of the data breach, and he thought he could provide to the public information about the breach “…and maybe run ads or sometime later or redirect traffic to [his] business website.”
The admission that he might run ads or profit from the site was a silly one to make, yet the panel noted that he is not yet running ads on the site. After receiving the complaint, the man created a simple website about the data breach that does not include ads.
Panelist Kendall C. Reed of National Arbitration Forum determined that this case is one of potential nominative fair use. While Capital One jumped on the registrant’s admission that he might run ads on the site, Reed noted:
The Panel disagrees. Respondent did not say that he would do these things, only that he thought he might, and as noted above, he has not followed through with these thoughts. What Complainant states is a certainty is actually a mere possibility.
This case shows how it can be difficult to file a UDRP against a newly-registered domain name; a registrant can make the defense that has plans for the site that haven’t been put into action yet because it takes time to create a website.
Reed suggested that Capital One can refile the case should the domain owner add ads to the website.
Capital One has a pending case against the owner(s) of other data breach domains. When I visited those, I saw ads or got a malware notification, so Capital One might win that dispute.