Whois is an interesting case. It's a cornerstone of the open internet. In these times of "fake news," knowing who owns a domain is even more important. On the other hand, whois privacy has been an add-on feature for which domain registrars charge extra for years. I guess we'll see how this shakes out.
Frankly, the original internet and the technologies and institutions that grew out of it were based on gentlemen's agreement and the assumption that everyone was who they said they were and could be trusted. That is very much not the case anymore, however, and the wear shows more and more every day. Unfortunately, I'm not sure that there is a way to fix it in a safe and secure manner that isn't also authoritarian to its core.
I think your observations are quite accurate. I would hazard to add that the writers of the GDPR gave no thought whatever to the aspects you are naming, assuming of course they were even conscious of their existence (rather doubtful, I expect). I think regulatory intrusion, given how The Cloud has evolved, is both inevitable and unavoidable. Certainly, the way the biggest names play fast and loose with PII on it (whether in public profiles or not) and the ambivalent or negative press they get from doing so has been, at best, good for generating awareness and, at worst, the prime instigator of the regulatory action. And like all slippery-slope issues, there will be no going back from the brink these events have pushed us to.