Jeff points out that, in an enterprise, the users/employees etc will not likely have the same fine grained control over the how & where of their identity sharing.
Hence I would write it as..
(where users are okay with this sort of back-channel communication, or where they don’t have any say (e.g. in an enterprise deployment))
The user had her 'say' when she signed the employment contract, and didn't read the sub-clause in Section 4.6 in which the IT department was given discretion to 'use, process, and share the employees identity data as deemed appropriate.'