The rise of smartphone and internet usage has paralleled an increase in online fraud in India, the world’s most populous country. This has become a significant challenge for Prime Minister Narendra Modi’s administration, which received 2.4 million reports of cyber fraud last year, totaling $2.4 billion.
Also Read: GoDaddy appoints Aman Bhutani as new CEO
Since 2019, numerous lawsuits from Indian and global companies—such as Amazon against counterfeit e-commerce sites and McDonald’s against fraudulent franchise offerings—have emerged. An Indian court blocked over 1,100 such websites in December.
The judge in New Delhi took further action by instituting extensive new protocols, which experts believe have significantly revised the framework of internet governance: Domain registrars must not provide default privacy protection to buyers, the buyer’s information should be disclosed within 72 hours to anyone possessing a “legitimate interest,” and addresses that are variants of protected brand names must be restricted.
Also Read: WhatsApp rolls out new security feature to protect users from online fraud
GoDaddy, based in the US, is contesting these directives before a higher bench at the Delhi High Court, as reported in a Reuters examination of private filings. It asserts that the ruling could adversely affect genuine businesses with names similar to well-known brands.
According to GoDaddy, eliminating privacy-by-default features would necessitate the public disclosure of the identities, addresses, phone numbers, and emails of legitimate website owners, putting them at risk for “predictable privacy and security threats” such as harassment and stalking.
Since domain names function on a global scale and not locally, this mandate could compel GoDaddy to regulate domain names worldwide, they indicated.
Concerning the court’s stipulation requiring a 72-hour response time for companies to provide registration information to those with “legitimate interest,” GoDaddy argues it lacks the ability to determine who qualifies as legitimately interested.
Also Read: Haryana introduces e-Zero FIR system for cyber fraud cases above Rs 1 lakh
Some of GoDaddy’s appeal documents, which span 5,121 pages, suggest that these “commercially destabilizing” directives may lead domain name companies to consider withdrawing from the Indian market.
Neither the Indian government nor GoDaddy responded to Reuters’ requests for commentary.
ENGINES FOR LARGE SCALE DECEPTION
GoDaddy generates annual revenues of $5 billion, managing 80 million domains and serving over 20 million customers. Executives have indicated that India is its largest market in the emerging market sector for 2024.
GoDaddy’s competitors, including Arizona-based Namecheap and Netherlands-based Hosting Concepts, have also filed challenges against the New Delhi ruling, according to court documents, though details of their appeals remain unclear. These companies did not reply to inquiries from Reuters.
The legal battle involving GoDaddy and various other companies was initiated by over 20 organizations seeking court intervention regarding fake websites damaging their brand integrity. Notable plaintiffs included Amazon, McDonald’s, Microsoft, Xiaomi, and Colgate-Palmolive. None of these companies responded to Reuters’ requests for information.
The December ruling categorized the fraudulent websites as “engines for large scale deception.”
The court outlined 14 measures, one of which stated that masking a domain buyer’s registration details should now be a paid option, as the feature functions “as a cloak” hiding the identities of unscrupulous operators.
Despite this court order being in effect, GoDaddy’s website continues to advertise its services as including “free privacy protection forever… we redact your name, address, phone number, and email” from public access.
GoDaddy contends that weakening the privacy feature contravenes India’s data protection regulations and the European Union’s GDPR, which mandates a “privacy by default” policy.
Farzaneh Badii, a researcher based in New York focused on internet governance, criticized the New Delhi ruling, pointing out that such information was redacted in Europe due to misuse through harassment and targeted phishing attacks.
“Those exposed will be journalists, activists, small business owners, and private citizens. The brand impersonators will remain unaffected,” she remarked.
MCDONALD A COMMON NAME, GODADDY SAYS
India’s Home Minister, Amit Shah, stated this year that an individual falls victim to cybercrime every 37 seconds in the country, claiming that inaction could escalate the issue into a “national crisis.”
Although the comprehensive directives from December came from a court, they appeared to follow the input from the government, as indicated by documentation.
An undisclosed 59-page IT ministry report from 2023, included in GoDaddy’s recent appeal, disclosed that New Delhi articulated its concerns about “domain name abuse” and the “lack of rigorous verification” to the judge.
The home ministry, responsible for tackling cybercrime, informed the judge that registration information “should be readily (made) available” for investigative purposes.
This position aligns with Modi’s ongoing disputes with major global tech firms in recent years, as New Delhi has criticized companies like Meta, X, Google, and Telegram—and even pursued legal action against some—for inadequate content policing relating to national interests.
In cases like McDonald’s, the company sought action against 110 websites such as mcdonaldsfranchiseindia.com, some of which improperly utilized its Golden Arches logo to sell fake franchises for substantial amounts.
Following the blocking of these sites, GoDaddy has noted that the court’s additional prohibition on offering alphanumeric variations of a trademark once it is secured—like McDonald’s—may act as “blanket injunctions” that are challenging to enforce.
GoDaddy stated that the term “McDonald” has Scottish roots and means “son of the world ruler,” arguing that prohibiting its use would effectively “confer a monopoly” on a commonly used name with significant linguistic and historical value.
Research indicated by Reuters revealed that domains like mcdonalds-india-franchise.com were still available for registration on GoDaddy India for approximately $10.
Furthermore, the US corporation provided research sourced from Merriam-Webster to contend that safeguarding variations of a protected trademark such as “HUL”—Unilever’s subsidiary in India—could overlap with 118 English words containing those letters, including “hulk” and “moghul.”
According to GoDaddy, it is “virtually impossible to register a domain name that contains an English word without overlapping with a registered trademark.”
The judges are set to hear the appeals on July 16.