This is especially true in the fast moving world of the internet. We might think about the controls needed in the future being about where the puck will be. The need for agency, as where the puck is at present, and the desire to solve Privacy issue as where the puck was, while the "Right to be Forgotten!?" as some confusion on the part of an as yet unidentified individual, for the puck was never there!
I fear the regulators are putting far too much energy and focus into Privacy and not enough on Agency or the Capacity to Control our environment. Primacy, Transparency, and Privacy all result from having Agency, which means in the sociological sense; the ability to control one's environment, which in turn relies on having access to usable controls.
All Entities should be concerned about maintaining their Agency, whether they are Governments, Enterprises or Individuals
I wonder whether in the race to secure the internet, we are not rushing headlong towards a world where we ALL lose Agency, apart of course from those that manage to grab it. I see this next phase as the great Cyber Agency Land Grab.
Google, Amazon, Facebook and perhaps to a lesser extent Paypal, all understand this.
Hopefully our regulators will make the switch in time....
An example: Facebook, having become masters of moving the curtains to the their side of our windows, have now quietly moved the ability to protect one's Identity out of our control to a less easy to find, and impossible to control location, ie on our friends Facebook page! Worse they have set the default to "expose" or as I say to my students "Promiscuous Mode". With the upcoming Facebook Graph Search, understanding and applying the controls we do have, will be even more important.
The outcome is that we as individuals have lost control of how we expose our identities, the responsibility or agency was moved to our friends and the control is not placed in the obvious Privacy enhancing location. Agency Fail = Loss of Privacy
There are many more examples; Enterprises of the future will find that they have been disintermediated, and that the internet storefronts of the future will be owned by a small number of powerful corporations. We may achieve cyber security, but at what cost?
If I were in control of an Enterprises' Information Technology Strategy, I would be looking hard to find solutions that allowed an Outside-In approach to Identity, that kept the my enterprise in control of it's assets, and my customers in control of theirs. Easier said than done! I would also be encouraging the regulators to look to solutions that enabled growth of the economy and stop them making regulations that encouraged citizens to believe that they ever could be forgotten, let alone have the "Right to be Forgotten!"