[WG-P3] Final Call: Input to OECD panel on Fostering Innovation in Privacy Protection

[Susan Landau]

  On 10/15/10 10:51 AM, Anna Slomovic wrote:
>
> I agree with your general point, but I am not sure that it is sufficient to say that users should be able to disclose only data appropriate to a transaction. Usually, users do not get to determine what is "appropriate." Companies or governments with which users transact give users a choice--either provide the following data or go do business elsewhere. Prime example are third-party apps on various sites. Without some form of requirement that organizations actually request minimum and appropriate data and that users be given a meaningful ability to limit disclosure and still use the site/application/service, we will just keep running in circles.
I understand.  If OECD is going to update its privacy principles --- 
which we then might see reflected in EU regulations --- the 
"appropriate" condition might get some teeth.  Currently it has none.  
Hence the reason for my proposal.  I agree with you that currently the 
"go do business elsewhere" is the norm and that the user has no ability 
to control appropriate disclosure.

So I am talking about what OECD might do in updating the principles to 
increase individual privacy.  Whether such an adoption could actually 
spur a change in government regulations would be the interesting point.

Now that I've explained my thinking, are we in agreement or not?  If 
not, let's keep going (I will be out of email contact most of the rest 
of the day).

Thanks.

Best,

Susan