The current implementation of the Microsoft Graph API can bring privacy issues for items set as private (events, emails, etc.), as developers who have access to the API can potentially access data which should be protected by the privacy sphere.
One possibility could be new permission on Microsoft Graph, or a more general setting that allows hiding text data from private Exchange tagged items.