I think that is one of the issues on which one might have a principled view and the technical implementation of it would undermine any idealism that one might have, so I'll be a bit deferential in my response.
I am generally of the view that all default settings should default towards privacy. That's the problem that happened when Facebook put in its privacy settings, which I complained about previously. I think that's especially true in the context of an Internet that always remembers everything. The first book by an academic to be written on this subject was Delete and was about this idea of the importance of finding proxies for forgetting in an information age.
The suggestion you make would go a long way towards that, but I think it would also make for a fairly unusable environment online. I don't know how to actuate that through prescription. That would be an example of where the law could really undermine the other kind of code, software code, by making that sort of prescription.
That said, I think that as you work through these issues with your committee it's absolutely essential that you think carefully about how we make the defaults always towards privacy. That would be one way to try to do that.