could be private by default, without an option to disable that.
Zcash currently allows all 4 directions between transparent t addresses and shielded z addresses: t2t, t2z, z2t, and z2z. I'm not sure how these qualifiers work if you have different types of inputs, or different types of outputs in one tx.
A first step to phasing out transparent addresses is to disable z2t, so once shielded you stay shielded. A 2nd step is to disable t2t, so you cannot create new transparent outputs.
Are there existing concepts / ideas about the very question how to best 'add' privacy to an existing coin (in terms of what to do with pre-upgrade UTXOs and whether privacy can or should be optional afterwards)?
IMO a coin that values full auditability should keep private amounts optional, although one could argue that with ElGamal commitments, at least unconditional soundness is preserved.