Hacker News
by SysINT 2426 days ago
The use of the word Privacy is misleading the conversation. We should be setting the goal to make it illegal to collect. It should be illegal for commercial entities to collect information that can be considered personally identifiable information without explicit consent. Additionally, that should not be allowed within a commercial terms of service agreement, and if automated must also provide means to remove with the same timeliness of the automated subscription.
3 comments

Consent is a poor tool for such a wide category of data. If you're looking for actual informed consent, we are talking about something either practically impossible or at least a massive strain on people's time and decision-making capabilities over things they often couldn't care less about.

See e.g. F.J. Zuiderveen Borgesius, Security & Privacy, ‘Informed Consent. We Can Do Better to Defend Privacy’, IEEE (Volume 13, Issue 2, p. 103-107).

In the context of the cited article, the assumption is the data was already collected. My posit is that should not be allowed. I do not expect companies should be able to collect and then ask for consent. They should be subject to criminal behavior if they do so before and without explicit request.
Additionally, if we agree to have our data collected, we should still own that data, meaning the 3D X-ray that the orthodontist generates is your data, and you should have access to it (from anywhere if digital, or a copy of it if physical), and the choice of its removal, when said data no longer serves you.
This would be a huge step in the right direction but I think it's important to limit surveillance by government entities as well. After all, you have _no_ opt-out options where they are concerned.
I agree; however, I expect it to be easier for government regulation to target commercial activities. I additionally am considering existing U.S. law that requires government agencies to perform PII analysis of all projects and have that information available via FOIA and OMB reporting. That does not cover non-U.S. entities.