That is not totally true, the whois data will be still available for anyone with valid reasons to get this information but for that one would need to get an order from a judge.
So you expect me to file a court case in a European court (6000 miles away), pay a lawyer a few $10K, and wait a few months for a judge to issue an order, just so I can find out whether the IP address that was doing weird things on my server was from a fly-by-night ISP in Elbonia, or it was Netcraft? Sorry, that fails the reality check.
Something like that would be quite simple and cheap in my country ...
I don't think there is any country where filing in court to get a judge's order is "simple and cheap", and in particular not fast.
In practice that would not change very much since most registers already sell privacy packages (and certainly are not liking the idea of the end that income).
That is already an existing problem, but one with minimal impact. If I do "whois example.com" (I'm deliberately not telling you who example is, random person I know who has a small business), I get the following answer:
Code:
Domain Name: example.COM
Registry Domain ID: 1519184_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2018-03-09T18:55:08Z
Creation Date: 1998-07-01T04:00:00Z
Registry Expiry Date: 2020-06-30T04:00:00Z
Registrar: Network Solutions, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS3.WORLDNIC.COM
Name Server: NS4.WORLDNIC.COM
DNSSEC: unsigned
which tells me exactly nothing, other than that this person registered with NSI = NetworkSolutions, and is privacy enhanced. I'm quite sure that if I called the phone number up there, they would refuse to help, which is exactly the right thing. After all, my problem is not with whoever owns the domain name, it is with whoever operates the computer. However, if I get their IP address (using "host
www.example.com"), and run whois on the resulting IP address:
Code:
NetRange: 198.46.80.0 - 198.46.95.255
CIDR: 198.46.80.0/20
NetName: IMH-198-46-80
NetHandle: NET-198-46-80-0-1
Parent: NET198 (NET-198-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS54641
Organization: InMotion Hosting, Inc. (INMOT-1)
RegDate: 2012-05-02
Updated: 2013-11-01
Ref: https://rdap.arin.net/registry/ip/198.46.80.0
OrgName: InMotion Hosting, Inc.
OrgId: INMOT-1
Address: 6100 Center Drive
Address: Suite 1190
City: Los Angeles
StateProv: CA
PostalCode: 90045
Country: US
RegDate: 2008-06-03
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/INMOT-1
OrgAbuseHandle: SYSTE299-ARIN
OrgAbuseName: Systems Team
OrgAbusePhone: +1-888-321-4678
OrgAbuseEmail: abuse@inmotionhosting.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/SYSTE299-ARIN ...
That is the information I really need, and which the europeans want to hide: If someone from this IP address (which exactly corresponds to the host that was attacking my server) is doing something bad, here is a toll-free phone number where I can reach a human that can put a stop to it, because they are worried about their own reputation.
I have a real problem with the European Commission wanting to hide that because of some misplaced privacy concern.