Users don't dictate terms, though. How my API works is up to me.
If I target use cases that prefer truncation of messages to errors, then surely it's acceptable for me to build it that way, right? I'm not saying it's a good idea in general. I'm saying it can be acceptable in the appropriate context.
What makes you think that the API described in this post would be subject to those kinds of legal and/or regulatory requirements?
Could it be the case that the author knows prima facie that no such requirements exist for their service?