Exactly.
For my mom's Fitbit, each piece of data is a piece of personal information related to her activity. If she was required to provide express consent every time that personal information was provided back to the organization, she'd be on her watch all day clicking “yes” because every single one of those pieces of information requires express consent. That is because the definition is that if information is subject to a fundamental right to privacy, then that's all information. We said in the preamble that the purpose of personal information is that people have a fundamental right to privacy, which means the privacy related to their personal information.
Now, we then mitigate that and enable it through all of the provisions of the rest of the act that say how that plays out in various situations. Sometimes it's through express consent. The act talks about ways in which you can potentially have a legitimate interest and ways in which you can potentially ensure that there are exceptions to consent. However, none of those play out if all information is sensitive because, essentially, you then need to expressly say “yes” every single time.