Calrifications on the "should not reveal any personal data" principle

[yoavweiss]

In Designing ancillary APIs that provide new information, the first principle talks about "indication that [exposing new data aligns with the user's wishes and interests". It's not clear what such an indication would look like in practice.

Later on, the section talks about potential mitigations, but those aren't mentioned in the principle itself. Would it be possible to add a mention of mitigations to the principle? e.g. "Ancillary APIs that provide new information should not reveal any personal data that isn't already available through other APIs, without proper mitigations or without an indication that doing so aligns with the user's wishes and interests."

[torgo]

Hi @yoavweiss we discussed in today's call and agreed that we think there are sufficient caveats in the introduction to this section to cover this issue.