I think the fact that it's a technology-neutral law is very positive. I think the fact that it's principle-based and not prescriptive works, as well. If you can imagine changing a law or creating a law every time a new technology is developed, we'd never keep up with it.
I think the outcome with Facebook was very positive, because, as you say, it's a whole new business model and a new technology that didn't exist. The architects of the law couldn't have foreseen SocialMedia and Web 2.0; they couldn't have seen that. Yet I think our investigation of Facebook showed that the law was flexible, and it confirmed the commissioner's reach into the U.S. The data on Facebook is all stored in California, but one in three Canadians has personal information on Facebook. So Canadian law had a huge impact globally on a business model where individuals are posting their own personal information on the web when there's a commercial engine operating in the background. So it's a mixed personal and business use.
Our jurisdiction was accepted with a California-based company and global data flows. I think that demonstrates that our law is pretty good. Does it need to be adjusted? I think there are all kinds of problems. I think the street imaging technology is a good example where the law was built on the basis of a one-to-one consent regime, you and your bank. Now, if you take Goggle Street View, it's one-to-many. So you've got one company collecting information from many people. Does the implied consent regime work? I think it's problematic. But is there a better law out there right now? I don't see it. I think our law is working as well as any other data protection law at present.