It ideally doesn't need to be a privacy-invading thing, but rather a way for administrators troubleshoot issues a bit easier without having to get on a screensharing call. I think maybe what makes it difficult is that Gmail might be used as the key to authenticate into other accounts (like for shadow IT).
And in the ideal case, even this action that a Google Workspace administrator logged in as someone else would be automatically written into an audit trail.
It's funny how many assume impersonation is all about privacy, when it's really about empathy: letting you see the situation through the eyes of the person you're trying to help, instead of just responding I don't have that problem in my setup or when using a god account.
And in the ideal case, even this action that a Google Workspace administrator logged in as someone else would be automatically written into an audit trail.