This is good advice, but I'll add to it. Your general counsel is an acceptable, but not great, substitute for a real VP-level privacy officer. Lawyers tend to look at privacy issues with an eye towards compliance, i.e. does this privacy issue subject us to regulatory scrutiny or open us up to lawsuits? They don't always look at these issues from the point of view of "What is our company's philosophy around the sharing of our users' data, around providing transparency and control for users, and does this feature align with that philosophy?" A dedicated privacy professional will explore that question deeply.
In my opinion, in 2020, any company that releases software and has more than like 20 engineers should have at least one VP-level privacy approver who has the power to block releases.
In my opinion, in 2020, any company that releases software and has more than like 20 engineers should have at least one VP-level privacy approver who has the power to block releases.