We would like to store data from the Admin REST API in our datalake. For GDRP compliance we would like to exclude personal customer data (e.g. e-mail addresses). Is there any way to mask or hide this already in the JSON response. The "Protected customer data" option seems to be applicable only for public apps. Access scopes are apparently not available at field level.
As a solution, I tried to restrict the response to specific fields using the "fields" property. But this seems to work only on top level and I can't select customer.orders_count specifically.