That list might satisfy even the most extreme privacy advocates, at the cost of upsetting everyone else who now has an unusable product.
What the more extremist privacy advocates fail to realise is that if they applied their same principles to a physical shop they'd be demanding that all employees be blindfolded. And then if someone walks through the door drunk and passes out after vomiting on the floor, those employees would have no idea that people were silently walking in off the street before suddenly spinning on their heels and leaving again. Yet who wants vomit-encrusted shopping, in the name of privacy extremism that virtually nobody cares about anyway?
Data collection and storage must be...
* Off by default and opt-in.
* Completely granular.
  - For what is collected.
  - For what collected data may be used for.
* Agreeing to one form of tracking or data collection cannot cascade to another.
* Preference for sharing/selling data to 3rd parties must be off by default and opt-in.
* A user's preferences on your service must extend to 3rd parties.
* Must have a non-persistence option. (i.e. data is only stored for the minimum amount of time required to render the service)
* Tracking can be discontinued at any time at the user's request.
* Deletion commands must be honored in a reasonable time frame.
* Deletion commands must be propagated to all 3rd parties.
* Agreeing to tracking or any data collection cannot be a requirement for use of a service.
* User must be allowed to view and acquire all data collected about them.
* Cannot be misleading or place any undue burden on a user attempting to exercise their rights.