Hackers Could be Harder to Catch Under GDPR due to WHOIS Limits


WHOIS, a service utilized by police and journalists to identify and communicate with website owners, is now forced to limit some information on its site to conform to the GDPR legislation. For years, authorities have run quick searches on WHOIS to check a website’s legitimacy. Right now, the site no longer displays email addresses, phone numbers, and contact names. According to the owner of the site, he requested more time to comply with the GDPR, but his request was rejected.

EU’s New Regulation

The General Data Protection Regulation or GDPR is a directive in EU law which covers privacy and data protection for all individuals within the European Union. The GDPR mandates that companies must offer consent when filling out forms or when handling online transactions. By yielding to the consent, websites are producing sensitive data, which is collected and stored.

The GDPR’s main goal is to protect the EU’s online citizens from potential privacy breaches. It covers all companies dealing with the personal data of users living in the EU, regardless of the geographical location of the company. Companies caught not complying with the directive will be penalized severely.

Although there is a tiered method based on the severity, those caught could be fined up to €20 million or 4 percent of the company’s yearly worldwide turnover, whichever is greater. Because of this, numerous registrars and domain name registries involved in publishing the details of domain owners in public are affected.

What Could Be The Implications?

Data offered in this kind of database will become limited. This has raised a red flag for anti-piracy groups, who claim that GDPR will make it difficult to track down online scammers and hackers. Currently, the WHOIS database limits the information shown on sites. Before the GDPR was implemented, you would find the name of the organization or person, email addresses, physical addresses, and telephone and mobile numbers. These are no longer available.

Although the intention of the EU’s GDPR was good, this will make it very hard to detect potential phishing and hacking scams. Additionally, this move could provide an opportunity for an unknown party hiding under the guise of a legitimate party to gather sensitive data. WHOIS database limits rob the authorities of quick access to crucial data, significantly hampering their efforts to identify and terminate unlawful online activity.

WHOIS database download limits will allow bogus websites and scammers to thrive, since it is now easier for them to provide false information and avoid detection. There is a petition letter signed by 50 organizations involved in online security and IP protection. The letter expresses concern that by following the rules, the sites could potentially overcorrect, pushing aside proportionality, transparency, and accountability.

In other words, they could comply with the GDPR while hackers easily slip off the radar of online security and privacy authorities. Companies are going to face a new set of challenges because of GDPR, and hackers can devise various ways to effectively implement their scams online. Upholding the integrity of private data while meeting the demands of the EU regulation is going to be a difficult decision. But soon, companies can implement technologies and use techniques to easily comply with GDPR without compromising privacy and security.
