I'm not sure you'd find it a complete analogue, and I would hesitate to bake something into concrete when the technology is going to move and consumer expectations are going to move. But I do think it does make some sense to have some “if these are your default practices”, so “this is your standard terms of use”, or “this is kind of a standard privacy policy”, which is an expectation that you don't need to do anything additional to get additional consent. But if you deviate from that, then perhaps it does make some sense to bring that to the individual's attention. Among the defects that are identified, I don't think a lot of companies are fulfilling their obligations under PIPEDA well enough with regard to identifying purposes. We could all do a better job. There is discussion of short-form privacy notices, like the nutritional labels, just-in-time notification, which is something I advise my clients about—nobody is going to read your privacy policy. You can't rely on that to be the foundation for your identifying purposes and consent. When you have a form and you're asking for information, you have to make it clear to your consumers at that time what you are going to do with that information. Otherwise privacy policies are just a legal fiction.
On March 21st, 2017. See this statement in context.