This event definition seems more like a notification and is not reflecting a business event which is often more like a state transition. For an event it contains a lot of data, I wouldn’t classify this as a lightweight message.
It more seems like a way to replicate data to another system.
Why can’t the team that creates that customer specific integration channel be trusted in applying the right filtering? Why else would you want to encrypt that data?
Based on what you shared it seems that you have a integration channel per customer. If that endpoint cannot be trusted with all events and cannot be part of a ‘trusted sub system’ then I would create a generic event handler or a event handler per customer on a trusted endpoint that takes care of the distribution/filtering. This event handler would then do a send to an integration endpoint that specifically knows how to deal with that integration and only be send messages with content that is allowed to receive.
Yes, you could go for the encryption strategy but you would be sending a lot of messages to logically different destinations and doing lots more IO then needed for no benefit.
Another option is to not add the data, have a lightweight message and have the recipient do the aggregation by having them query for it. This is especially of interest if the querying would almost never happen.
Does that help and make sense?