An interesting idea for approaching privacy online. Companies will wail and moan that it will cost too much, but they adapted to HIPAA and it didn't put anyone out of business (that I know of). In fact, HIPAA created (or maybe just enhanced) a whole new market segment.
Without a fairly standard structure for the sharing agreements, though, I wonder how much this could really protect the consumer. And by "standard" I mean clear limits companies cannot cross when creating agreements. And what say does the consumer have in that sharing. Can the consumer choose not to be included in that down stream slow? How clear will that choice be?
As we've seen from Facebook privacy settings, not everything is obvious. There are a lot of settings and many people ignore them all. Or don't understand them.
Not all implementations are equal and not all companies treat their customers the same. The guidelines, like HIPAA, are the key as we learned from the first recommendations that had to be revised.
In general, I like the idea but we need to think about how this is like and not like the HIPAA analogy. And how do we build in reasonable protections for both consumer and company? What do you think?http://techcrunch.com/2012/05/05/chain-link-confidentiality-hipaa-for-online-privacy/