There is nothing in the law about this.

The users component is not designed to limit access to specific groups. If you dont want people to see it then dont give their group access to the component

The lawyers say that when a cms show all registered users to all webmasters, 2 things are required:

1. Let the company comply with RGPD and
2. All webmasters must sign a privacy policy document with the company.

This is quite correct, but, and if they are not webmasters who access the users.
A website of a school, where teachers have access to registered students.
A sports tournament website where coaches have access to registered youth teams
A holiday camp website where monitors can see registered children
Etc, etc, etc.

Ok, maybe it's not an issue but this could be in Joomla 4 and go up a new level, simply allowing an option to show only users of the same group,
Las posibilidades de nuevos escenarios para otro tipo de web que ahora com_users no puede abordar y The possibilities of new scenarios for another type of web that now com_users can not make and third-party com-ponents are required.

I think it's a great best, expressed otherwise.

Why a registered user can see the name and email of a user of a higher group but can not edit it?
That user can not edit it and should not see it

Attached capture of registered user who needs to have access to the administration and com_users and can see the data of users of higher groups.

All of what you say can be achieved without using the user manager. There are much better ways to deal with that level of user management.

In fact for the examples you describe I wouldn't recommend user manager irrelevant of gdpr

Perfect, thanks Brian, so I do not know how to show users from the same group as the webmaster.
If you do not think it would be good to implement it in Joomla 4, you can close the proposal. Thanks again

But if I see it important that a user who must access the com_users not see the data of super-users or users of higher levels

In fact, if I do not mistake, what you are asking for is the implementation of specific permissions for User Groups. I.e. define which groups(s) a specific group of users can see in the User Manager (not only Upper levels btw).

I guess this would be possible. Requires a volunteer with enough coding skills to implement.
This is indeed not specifically related to RGDP.

gdpr/rgdpr or whatever random mix of these letter ...
.. me still looking for the source of the TRUE (with no luck), suddenly everything can be a gdpr/rgdpr requirement/issue ..... #grrr

LOL
GDPR is the English acronym:
General Data Protection Regulation
https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en

in French it is
Règlement général sur la protection des données,
therefore RGPD
https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_fr

and in Italian
also RGPD
as it is
Regolamento generale sulla protezione dei dati

Are two different topics:

1. About RGPD: Do not show the data of all users to all developers who can access com_users if they have not signed a privacy document

2. About select groups: Being able to assign which groups can be displayed would be a great improvement for Joomla 4 and allow to create other websites that now require a third party extension.

But with the second proposal you can solve the first, limiting what users can see with access to com_users.

Set to "closed" on behalf of @alikon by The JTracker Application at issues.joomla.org/joomla-cms/22371

3.x is feature freeze
if needed please open a new issue for 4.x