That's the answer I expected, but was hoping somebody had found a proper solution to Atlassian's poor attempt at meeting GDPR.

Do you know what level of permissions are required to see user details? Is site-admin sufficient? Or do they need org admin permissions?

The answer is still no for 'general' user accounts that use personal email addresses. No level of permission allows anyone, even an Org Admin, to override an individual's right to privacy for their personal email address.

Only if your organisation is using Managed Accounts can your Org Admin sets a policy that all users have their privacy settings to allow everyone in their organisation to read their email address. This makes sense, because, in that situation users are logging in with their organisation's email address, not their private, personal email address.

Read the Profile visibility overview for more details

Google this topic. All the questions you're asking have been asked a bazillion times before and the answers are fairly well documented.

Have fun.

Unfortunately Atlassian has tons of documentation that only half-answer most questions. I've found very few pieces of documentation that fully flush out a specific topic.

For this scenario, I am an org admin of an organization with >12k managed accounts. I can't find anywhere (including Google searches) where I can find a policy to force users' privacy settings. The closest I can find is the document you provided which details the defaults, but doesn't share any way of changing the options.

If you can share any links or previous posts I would really appreciate it. I can also reach out to Atlassian Support, just thought of the community first.