In fact, registrant privacy is not good enough yet and needs strengthening. We also need to remember that all registrants are users as well... It depends on your definition of user. If it is user of ICANN services, then users are the same as registrants.
I am against Whois privacy, except in individual/non-commercial cases. I fight spam and I use whois as an attempt to track down spammers. No legitimate business operates anonymously. In the USA, a DBA is a public record -- If you operate a business, who the business is is public. Law enforcement tends to be slow to act (unless it is a hot political item). Try getting law enforcement to take a report on an e-bay fraud, bad check, etc. In some places you practically have to put a gun to their head to take a report. If you look at the recent criminal prosecutions for spamming, you have Ralksy/Bradley who had been civilly sued a few times before the Feds got involved. With Robert Soloway, Microsoft and others had gotten judgments against him before the feds got involved.