Regarding no. 2 above, you might be referring to the suggestion I made at the tail end of the meetup, as follows:
Others have suggested standardizing PPs as a means of driving the creation of norms, making the privacy experience more consumer friendly, and reducing transaction costs associated with new venture formation. Standardization is not cost-free, however. Firms bear coordination costs when they try to come together to set standards. Coordination costs are usually the reason why standards setting efforts fail.
In order to drive a PP standard settings process, I suggest the following: Industry participants should convene a PP standard settings organization ("SSO") to formulate and promulgate the adoption of a PP standard reflecting best practices. In return for joining the SSO and adopting its PP standard, a firm will be entitled to raise a "safe harbor" defense in an action brought against it to remedy a violation of statutes and regulations that govern the use, storage, sale, etc., of consumer data. The safe harbor defense, if successfully asserted, would create a rebuttable presumption of no privacy violation that could be overcome only on proof that the actual privacy practices of the firm were not SSO compliant. In addition, where the safe harbor defense applies, the burden of proof that rests with the party alleging a violation would shift to something greater than the burden of proof that normally applies in privacy litigation (e.g., a preponderant evidence burden would shift to a clear and convincing evidence burden).
The idea here is that the safe harbor defense could incent firms to bear the coordination costs associated with participating in the SSO.