Agreed. I prefer the approach of e.g. .se who have removed all sensitive data from whois and did so long before GDPR even. While it is a bit more work to reach out to domain holders now it is not like it was easy before since people rarely checked the email addresses which they used to register domains.
I wish registrars allowed you to set the details you want published in whois before they put them in (at least mine doesn't). Hours after buying a domain I started getting spam on a very private email, one which I only used for services I pay for. Sure enough I found my account email in the whois details, luckily I was able to quickly change it before more bots got hold of it.
I work on a registrar and I think the registries are much to blame here. Sure, the registrars should definitely improve their UIs to allow for better control over what is displayed in the whois information but since every registry have their own set of weird rules for domain contact details it is unnecessarily hard for us.
And I wish every registry was as sensible as .se and cared as much about the privacy of domain owners as .se does.
