Just more evidence for why even "well meaning" policy wonks are dangerous. Take for instance the rule that "data must be kept up to date and accurate". How up to date, and what is accuracy? So if I have a commercial web page which records transactions on my server, and I stop logging and keep year-old records, do some statistical processing on them, I am in violation for having stale data.

And what the hell is "accurate" data? All information about other people is subjective. I should be entitled to record any statistics about you for my use that I want. Just by interacting with me you transmit information. If I interact with you and get the "wrong impression" about what type of person you are, am I in violation for storing inaccurate data? (e.g. if I write in my computerized diary "I think John Smith is a jerk.")

How will this law affect reputation servers? If my reputation server has what you consider a bad review of you, am I in violation?

Privacy should be implemented via cryptography, not obscure political machines which are doomed to fail and produce a black market for personal data anyway.

-Ray