It is not necessary in the purchasing of a domain name to publish personal information in WHOIS. Come GDPR implementation date, it is likely that the vast majority of newly purchased domains will not publish information into WHOIS. Given that most of these domains won't have private info go into WHOIS, how can you possibly argue that it's necessary?
All that's needed for the domain name system to work is to configure nameservers on the domain. That's it. Anything else is certainly not necessary. All WHOIS has ever done for me is resulted in fake domain renewal mailings, spam emails, and unsolicited spam/phishing calls. None of this is anything close to necessary.
ICANN and domain registries think WHOIS is necessary. Therefore, it is necessary. Technically, it is not required, you are correct.
And guess what? All that spam and stuff is still going to happen without whois and with the GDPR. It's cute that you think otherwise, but once your info is out there, there's no getting it back. Spammers don't care about your "consent" or your "right to be forgotten."
Source on domain registries thinking that WHOIS is necessary. It's a cost center, not a profit center, and some of us would rather not have to do it.
And no, that info would not be out there, and certainly not in such an easily discoverable format, without WHOIS. There's plenty of incoming spam I've received, both physical mail, email, and phone calls, that can be solely attributed to registering a new domain name with publicly visible info in WHOIS. Had that information not been public, I would not have gotten that spam, full stop.
All that's needed for the domain name system to work is to configure nameservers on the domain. That's it. Anything else is certainly not necessary. All WHOIS has ever done for me is resulted in fake domain renewal mailings, spam emails, and unsolicited spam/phishing calls. None of this is anything close to necessary.