Re: They shall regret GDPR
No, they probably won't. The reason is that I can go and reserve a site and type whatever I like in there. For my personal sites, I entered true information, which I don't really mind being available (neither my phone number nor my email are there, although my postal address is because there doesn't seem to be a good way to avoid it. This hasn't resulted in any spam yet). The registrar checked none of it. No physical mail to the address. No calls or SMS to the phone number. True, they used the email address, so they could see that was true, but those are pretty easy to set up. If I had made a site for scams, I could just put in "Microsoft Support, 1 Microsoft Way, Redmond, WA, 98502, 1-425-882-8080, support[at]microsoft[dot]com". The system wouldn't check, so initial victims would be able to check and see the supposedly correct information. In order to catch me, you'd need to have the authorities contact the registrar and find out the real information.
Now if I'm running one of those borderline legal scams with real companies, I can still provide accurate but misleading data.
Finally, I consider the issue unimportant because I don't think people are using whois to determine scams or not. Most people don't know what it is. Whois services are available only through registrars or the whois terminal command. People who fall for that type of scam are usually nontechnical enough not to use whois, while those like us who might check already know we won't get useful data from a scammer. I see no reason the data must be public; just make it a hidden database and let me publish. After all, any company worth anything will have all that information on the contact us page anyway. For personal sites, you don't need the owner's address as they will have provided you the methods you will use to initiate contact if they want to hear from you. I don't see any problem.