It's great to see the Privacy Commissioner of Canada's blog talking about current tech issues. These are just some thoughts I had while reading it.
Great quote: "defaults are EVERYTHING."
From a Silicon Valley perspective, there's often a compromise between what's best for the user and what's best for the company. Sometimes both of those are in sync and you end up with a great product (like Google's AdSense/AdWords). Other times the products fall short for the user but do wonders for the company (Motorola RAZR). Companies are all trying to build the best product or create the best user experience, but in the journey the destination is not always clear; companies might as well ask for as much data up front and determine whether or not they'll need it later. Imagine if you had a site that used cell phone numbers and email only - registration only asks for cell number, name and email. Then 12 months later you realized that knowing the zip code of the user could've enabled some really killer feature using a map. Suddenly you have two products instead of one, because you have all these legacy users whose zip codes you don't know. It's more difficult to support, adds more programming, you might have to send all your users an email asking for this information, which would sound like phishing... and a new competitor might come out of the gate with your new feature sans legacy product confusion and stomp you (ah, those nimble startups).
One way around this is to ask for the bare minimum of information from which you can extrapolate other data. With a zip/postal code you can get city and country (in the US and Canada and I think in Europe) using a geocoder. With their email address you can get their friends by plugging into the Facebook API. Google's OpenSocial and Profiles features will make it even easier for users to input their info once and then just authorize other companies to use it. It's win/win for everyone, right?
But what if one of those companies makes all your profile data public by default?