Actually wrt business confidentiality also the information with whom you transact matters.
Nevertheless I love this VOSA design - even more, that in some languages vosa means wasp 
so it can be nicely presented 
Loving the SPENT markers with TTL and cleanup, so the state shall not explode.
Regarding the ERC20 - one of the issues of the ERC20 design is the missing memo (or transfer reference) field ( usable for reconciliation - see the ERC-7699: ERC-20 Transfer Reference Extension for some details and potential ERC20 extension. )
How would you do the reconcilliation with VOSA-20 without reference field?
Regarding the VOSA ERC and its interface definition:
IVOSA20Metadata can be optional - for the cases one wants to set VOSA contract with underlying ERC20.
But there will be cases that one will want to embed the VOSA directly as the extended features into fresh ERC20 ( = no underlying token) .
I.e. I suggest only the core minimum to be required in the standard and defined as the ERC20 extension.
Edit: I see there is the non-wrapped version here: [Draft ERC]: pERC-20 — Privacy-Preserving Native ERC-20 Token Standard .