That was the point I was trying to stress before. If there is a primary entity by which the information is entered or shared and there are a bunch of sub-organizations taking care of that data—I think you had referred to a data warehousing company or a brokerage—how do you have an agreement with the primary entity through which the information is assigned and shared with the sub-entity? How do you compel production from the sub-entity when the sub-entity may not even be doing business in the same jurisdiction, or may not necessarily have the same moral obligations toward the use of the data? It has to occur near the top level, near the initial sharing of the data. If consumers choose to share information with other third-party sites, the means to compel the destruction of any data they share should be available at the avenue through which they share with the third party. It is difficult when it trees down like that to enforce production and destruction of user data.
On October 16th, 2012. See this statement in context.