It's an excellent question. In international forums and global think tanks discussing privacy, one of the emerging issues focuses 100% on consent. The question is actually not whether it should be an express or an opt-in, as you were mentioning, or an opt-out form of consent; the question is more in a context of meaningful privacy protections. Is consent even the model of the way to go? Perhaps it's a way of robust user control, as mentioned by your colleague Mr. Calkins, in the context of broad and holistic privacy governance. For the meaning of that, again I refer the committee to the excellent joint guidance issued by the privacy regulatory authorities. It's very comprehensive, with over a hundred expectations for how to provide appropriate privacy protections in a balanced manner for business.
The issue is, once you focus just on consent as the trigger to get into a site or user-specific technology, it quickly becomes a meaningless apparatus in and of itself to actually enhance privacy protections, because once you receive that, you still have to address more radically the more broad set of concerns, and those become more important.
This is why internationally you're actually seeing a trend towards not relying as heavily on consent, as many current statutory frameworks do.