On phab:T218135, Leszek raised the question of trusted orgs requesting access for people who had requested but had been denied merge rights in the past, as well as people who have held but lost merge rights in the past.
I propose to amend the policy to state that gerrit admins(*) should be advised to not use the "abridged" process without community discussion for people who have been denied before or lost privileges. Trusted orgs should, to the best of their knowledge, inform gerrit admins about such cases.
There is one case for which this would be annoying, though: people who lost their privileges per default, due to their contract or employment ending. It would be nice if they could be exempt from this rule, but that is problematic as well: The policy requires privileges to be revoked per default so no information is exposed about whether the revocation happened due to any fault. So there might indeed have been an issue; we can't know.
I cite myself as an example: had this policy been in place when I left WMDE and joined WMF in October, I would have lost all privileges per default, and, with this amendment, would have to go through a community discussion before re-gaining them. Perhaps that could have been avoided if the gerrit admin in question had checked back with WMDE to ensure that there were no trust issues with me re-gaining the privileges. That however raises the question whether it would be legal for WMDE to share information about any issues I might have had working there, or the reasons for leaving.
(*) "admins" being gerrit users who have the necessary permissions to grant or revoke privileges.