I am now beginning to wonder if we are chasing a false choice or dichotomy. Is the choice really between privacy based on individual rights vs individuals’ belief that they have been harmed? Is broader better or worse? If we are making a choice based on a fear that commercial interests won’t participate in the IDESG IDEF, what is that fear based on? Outside the digital divide if we go the highly automated (high velocity) route to identity management the issues and choices will likely become invisible to the individual. Risk management may help. As I understand this privacy approach it is based on both rights and harms. From the perspective of the individual human being do not harms require a higher burden of proof (in time and money) than rights? Without portability there are no remedies currently today so is not portability an essential piece of this our requirements. Human Rights
The sense that is emerging is that we need a conjunction of the rights and harms language along with a portability requirement.