Somehow the requirements need to address the problems with device-device connections. Does that need a separate set of codes?

Here are some of the issues reported, but others relate to information leakage prior to the consent screen, which seems to be the case with a proposed standard from the OIDF. I believe it would apply to the details of 13018-5 as well.

In summary - the interchange at the network level before the data interchange is initiated.

https://www.foxnews.com/tech/detect-creeps-unwanted-bluetooth-tracker-googles-safety-feature

..tom