On 5 Sep 2012, at 23:49, S Moonesamy <sm+i...@elandsys.com> wrote: > The interesting point in the above is the ability for the person to change > his/her mind by reversing the consent. That is difficult to do if it is > consent about a contractual agreement instead of consent to send out an > identifier.
Yes, this is a very interesting point. Do we have the right to revoke our consent and change our minds? How valid are these contracts? What takes precedence privacy rights or badly informed contracts based on marginally informed consent? If a company like Google can retroactively combined my data from a whole bunch of disparate services, utilising 10 years of data aggregation about me, for the sole purpose of profit, without my consent. How valid is a Google TOU? Do my privacy rights take a back seat because I use google services? I don't remember clicking an I agree button to make a Google search. This point, for me at least, brings up many questions I don't have answers too. For instance, In the context of digital identity management, (A.K.A. the use of an identifier) is Google's use of my identifiers, based on this current policy infrastructure of informed consents, legal? Is informed consent acheived for the use of my real ID that is now a requirement of Google services? It would also appear that the current technical infrastructure, surrounding informed consent, is built upon match sticks and corporate vapour ware. Vapour ware fully supported by state access to personal information. Although, it seems quite clear that this does not have to be the case. As the old adage goes "The bigger they are, the harder they fall", we just need the technical protocols, architecture and very open notices. (hint, fight fire with fire) I still have high hopes for CNIL vs. Google to change this (at least a little) Mark
_______________________________________________ ietf-privacy mailing list ietf-privacy@ietf.org https://www.ietf.org/mailman/listinfo/ietf-privacy
