Implement access level to user object returned in rest API calls

      Problem Definition

      As per "Important notice: Upcoming changes to Jira Cloud REST APIs to improve user privacy", in the future the key and name attributes will be removed from the user object returned in REST API calls.

      With that in mind, REST API consumers will only be able to identify users through the accountId, emailAddress (which can be null depending on user privacy) and displayName attributes.

      In case the user privacy is set so that the emailAddress is not returned, and the user has changed his display name to something unrelated to him, how can site-admins determine what user they are dealing with just by the accountId?

      Suggested Solution

      If compliant with the GDPR law, implement an access level on the REST API calls which will recognize the user making the calls as a site-admin and thus return the user email or full name history for better identification.

      Current state

      The privacy changes have been rolled out and at the current state, site-admins can only see the email information from all users regardless of their privacy settings through the UI.

      This means that through the user-related REST endpoints site-admins won't be able to see the email address of users depending on their privacy settings.
      If the email address fetched from Atlassian is being used by any integrations, please refer to the below documentation to get your integration migrated into a connect app or to use 3LO and thus get access to the specific endpoint to get user email addresses:

            [AX-1214] Implement access level to user object returned in rest API calls

            Rodrigo B. made changes -
            Component/s Original: A Temporary Component [ 80030 ]
            Rodrigo B. made changes -
            Component/s Original: Directory - Manage product access [ 48696 ]
            Component/s Original: API keys / authentication [ 48703 ]
            Component/s New: User Access - Manage app access groups [ 80143 ]
            Component/s New: A Temporary Component [ 80030 ]
            Key Original: ID-6637 New: AX-1214
            Support reference count Original: 17
            Priority Original: Low [ 4 ]
            Project Original: Identity [ 16810 ] New: Admin Experience [ 24210 ]
            SET Analytics Bot made changes -
            Support reference count Original: 16 New: 17
            SET Analytics Bot made changes -
            Support reference count Original: 15 New: 16
            Kaz Nobutani made changes -
            Labels New: guard-s6
            SET Analytics Bot made changes -
            Support reference count Original: 14 New: 15
            SET Analytics Bot made changes -
            Support reference count Original: 13 New: 14
            SET Analytics Bot made changes -
            Support reference count Original: 12 New: 13
            SET Analytics Bot made changes -
            Support reference count Original: 11 New: 12
            SET Analytics Bot made changes -
            Support reference count Original: 9 New: 11

              ayang@atlassian.com Aneita
              akasper André K. (Inactive)
              Votes: 6
              Watchers: 14