That's an idea, and something that could be described as "triple opt-in", I guess. It's a nice idea, and would help site owners provide absolute transparency about what they do with their readers' data.
I've never seen that implemented anywhere, though. That's most likely because one more step would probably turn potential subscribers away.
Yes it would turn potential subscribers away, subscribers like me that do not want my e-mail address shared with a third party.
My e-mail address was shared with a third party despite the fact that the blog has a written policy stating they don't. So jetpack - which was enabled for a different feature (blog subscriptions were working just fine without it) ended up violating their policy and sharing my e-mail address with you.
They have since disabled jetpack.
It may turn away some subscribers, but that's not a valid reason not to do it. If it turns away some subscribers, it is because those subscribers do not want their e-mail address shared with you.
To not tell them until it's done because they might not want it - that's called deception.
I know exactly what your game is. Your company saw Google get rich by making all of us the product they sold to advertisers. And now you are trying the same thing - release stuff like jetpack hoping it gets data pushed through your cloud where you can track us and our interests, and with our e-mail address, even track us on blogs that don't use jetpack because you can use the hash of our e-mail address to look at gravatar requests.
It's really slick but it is also really slimy, and I do not consent to being your product that you track.
Specifically making people aware their e-mail address will be shared with your before it is shared with is the right thing to do, and just for the record, just about every web site that has a privacy policy i looked at - that policy specifically states that e-mail addresses will not be shared with third parties and you are a third party.
So for your product to be used on those sites and not violate their policy then you MUST make the users aware the e-mail is being shared BEFORE it is shared and allow them to opt out.
Look at your company's history. You have snuck tracking software into updates without it being opt-in, "accidentally" started putting advertising links into jetpack - removing when caught, only to "accidentally" have it happen again six months later, etc.
I don't buy the slick talk - I look at your history, and it isn't clean.