Brett, You may end up addressing my comment based on some of the previous comments, but my suggestion is slightly different than previous comments so I'll leave it for you as well. I agree with your position that an opt-in system would be better than many other options, but I think that you dismiss the possibilities afforded by an opt-out system a bit too quickly. If legislation required that users first be provided a clear explanation of what data could and could not be sold, saved, etc. and were then provided with the option to opt out, wouldn’t the opt-out system be functionally equivalent (or at least very similar) to your proposed opt-in system? I think the difference between the two systems may come down, in part, to whether the default rule is to favor privacy or “business interests” (at least as that term refers to the businesses gathering data). While I agree that opt-in is a better option, I think that your argument against opt-out would be strengthened by acknowledging that it is inferior at least in part because of a decision that maintaining privacy and control over one's personal information should be the default (in other words, that control of one's personal information is a value in itself).

-- HeatherStevenson - 23 Nov 2009