Whois can also be used to identify who owns IP blocks. Which is crucial to many applications such as security.
If you don't want your personal information to be visible thats very different to the full range of what whois can do. You can always use a proxy so there are options for privacy available. I've never got a single spam email/call from my whois data.
WHOIS the protocol is not the problem, it is the data it is used to publish. Then GDPR-related mitigations required would be the same whether you are publishing with WHOIS, RDAP or something else.
Also, ARIN only has allocations made in North America.
Plus, ARIN only covers North American allocations.
If you don't want your personal information to be visible thats very different to the full range of what whois can do. You can always use a proxy so there are options for privacy available. I've never got a single spam email/call from my whois data.