GDPR Risks Making It Harder To Catch Hackers

Image of the EU flag on a phone screenImage copyright Getty Images
Image caption Under GDPR, companies can be fined for publishing personal data without consent

A service used to identify and contact website owners has been forced to strip out information on its site to comply with the EU’s GDPR legislation.

Whois is used by journalists and police to make quick checks into the legitimacy of websites. It no longer shows contact names, email addresses or phone numbers.

Icann, the owner of Whois had asked for a delay to comply with GDPR, despite having had years to prepare.

The request was turned down.

Media playback is unsupported on your device

Media captionWATCH: What is GDPR?

In a letter to the Wall Street Journal entitled, The EU’s gift to Cybercriminals, lawyers Brian Finch and Steven Farmer claim: “Police will be robbed of ready access to vital data drastically impeding their efforts to identify and shut down illicit activity.”

“The regulatory rubric the EU has created will make it harder than ever to catch computer hackers,” they wrote.

Mr Farmer told the BBC that the lack of guidance given by the EU is making companies extremely cautious about the regulation.

He said that because “the consequences of getting it wrong are so serious”, companies are being “extremely conservative in interpreting the law”.

“It’s regrettable we didn’t have guidance on the key principles,” he said.

Whois was used by cyber-security firms as well as law enforcement.

Nik Whitfield, chief executive of cyber-security company Panaseer, said he had used Whois to help companies spot dodgy emails.

“The service is valuable for protection as it helps provide context around whether an external website is legitimate or potentially unsafe,” he told the BBC.

However, supporters of the new privacy regulation note that cyber-criminals were never likely to have provided accurate contact details for their scam websites, and highlight that the law does provide added protection for legitimate registrants.

At the time of writing, some websites were still presenting non-redacted website information.