> without obtaining verifiable user consent for commercial and government uses.
and if they did obtain it, this data should have trackable provenance, should be revokable, and there should be payment and royalties to the user for its use and continued use
unless you plan on making it DRM protected, how else do you make data revokable? it's just text that can at worst be screen scraped into whatever format they want/need. plus, as we all know, DRM encryption keys tend to have a way of being broken or discovered or whatever other method of being rendered useless.
we can just copy a regulatory regime seen in other industries: non-compliant offerings are outright illegal and anyone trading in it can be sanctioned outright, while compliant offerings have this feature set.
the feature set can have a standardized way of tracking provenance, which the user can look at and revoke its compliance if desired, by signing a cryptographic signature that produces the expected address that approved consent to begin with. the same address's public key would be used for royalty payment. there are many examples of this working in standardized ways in some networks.
How's that working out? I know companies have spent a lot on GDPR compliance and you occasionally hear some headline number of company y fined z amount (which usually then disappears on appeal), but are people actually any less tracked as a result?
That's kind of what I was driving at since a law with no real enforcement is not really worth having. Leaving laws so vague because the tech is still too new to really know how it will be used is also a bad excuse. If the adtech industry could not have survived with strong privacy laws, then it's not an industry that society needs.
and if they did obtain it, this data should have trackable provenance, should be revokable, and there should be payment and royalties to the user for its use and continued use