Some entity types (e.g. User) need to make a more granular distinction between allowing access to view the whole entity vs. viewing just the label of the entity.
In order to solve this problem, a new 'view label' entity operation has been introduced, paired with a new viewLabelOperation variable on the generic entity access control handler (\Drupal\Core\Entity\EntityAccessControlHandler).
By default, EntityAccessControlHandler::$viewLabelOperation is set to FALSE which means that the new 'view label' access operation is folded into the generic 'view' access operation, so existing code is not impacted in any way.
If an entity type requires this distinction between 'view label' and 'view' entity access, a custom entity access handler needs to be provided for that entity type and the value of the viewLabelOperation needs to be overridden to TRUE. See \Drupal\user\UserAccessControlHandler and \Drupal\user\UserAccessControlHandler::checkAccess() for an example.