You don’t need GETDATA here; the messages would just be:
sequenceDiagram
Pleb->>Miner: GETTEMPLATE
Miner->>Pleb: TEMPLATE [shortids...]
Pleb->>Miner: SENDBLOCKTXNS [missing-tx-indexes...]
Miner->>Pleb: BLOCKTXNS [secret-transactions...]
Probably having a bastion node would be the best way to avoid sharing data, something like:
sequenceDiagram
Pleb<<->>Bastion: normal relay
Bastion->>Helper: txs, templates and blocks
Helper->>Miner: txs, templates and blocks
Miner->>Helper: txs and blocks
Helper->>Bastion: blocks only
Pleb<<->>Bastion: normal relay
Having a fake node that only relays txs to the miner, but never relays txs from the miner would probably work pretty well; having it pass on templates generated by the bastion node might help ensure CPFP txs and the like don’t get lost, but if the miner and bastion run the same policy and just have slightly different sets of txs, shouldn’t make a huge difference, I think.
Presumably you want something like that now, if you want to prevent early relay of secret transactions that don’t violate standardness rules.