I'd start by noting that some of my writings around opt-in consent have tended to focus on the private sector side, where we have legislation in PIPEDA that opens the door to both an opt-out and an opt-in system. It seems to me that the opt-in standard is a more effective one from a privacy perspective, and I think leaves individuals with much better knowledge about what they're actually agreeing to and how their information is going to be used.
As Mr. Fraser pointed out off the top, the consent model doesn't map as nicely on the public sector side because there's lots of information that government is going to collect with or without our consent. In a sense, our consent doesn't really matter. There is certain data that you have to have.
Your particular example is a good one though because it takes us into the realm not of collection but rather of use, and raises the prospect of asking if we could establish, or if we should establish systems that more effectively give people some amount of control over their information, not necessarily at the collection level—although even there we could think about what we could do—but more at the use level and at that sharing level.
Are there certain things that we don't need consent for because there is no reason to think about consent? Where we are looking more into opting into certain kinds of programs and it is necessary to have that information to do it, then you can make the argument that, perhaps it's more appropriate to say, if you don't want to avail yourself of that service or that opportunity, that's your choice. But the only way that you can is if you provide the necessary consent.