For example, the section about subscriptions is currently missing collection subscriptions.

It also doesn't make that much sense to whitelist things in a database that is dedicated to providing (traceable) information to the public.

I think it would be better to change the privacy policy to something along the lines of:

All information you provide is available to the public (whether 'public' means 'everyone on the internet' or 'logged-in users' is probably irrelevant) unless it is explicitly marked as private information.
Examples of possibly private information are anything for which you can choose to mark as private in the preferences, your collections and your email address.

The data dumps do not include any private information and information that you can enter on the 'edit profile' page.

The following services run by MusicBrainz do not follow the above rules:

[mailing lists]
description

[codereview]
description

[exceptions]
Exceptions apply where necessary, for example to comply with the law. Some people have direct access to the database and the web server logs but they won't use that to obtain sensitive data. *

Other services used by Music/MetaBrainz which are not hosted at musicbrainz.org, including, but not limited to GitHub, BitBucket and archive.org, may have different privacy policies that you should take a look at.

I'm aware that the list of services is a list, but it's hopefully a pretty stable one.

• In germany, you can let employees sign http://www.bfdi.bund.de/SharedDocs/Publikationen/Arbeitshilfen/VerpflichtungDatengeheimnis3.pdf?__blob=publicationFile (commitment to data protection according to some laws) or a variant of that, maybe something similar exists for the US.