I have a couple thoughts on that. The first is to say that I don't think it's the role of government to come charging in saying, “We're the new sheriff in town when it comes to social media, and we're going to fix everything that has to do with the choices these private companies and individuals are making”.
Frankly it's tough to keep pace with what's happening. As we've heard, we're not even sure, necessarily, what the business models are sometimes. We don't know if there is a business model in some of these instances. So I think taking the approach that government knows and is going to fix everything would be foolish. That said, there is unquestionably a role for government and regulators to set certain parameters about what is appropriate and to ensure that it reflects Canadian values about what's right from a privacy perspective and what's right in terms of an obligation from a security perspective, as well as about the range of different issues that arise.
In that context, I find I'm a bit more optimistic about the prospect that government can engage in that broad rule-setting. PIPEDA, in many respects, was designed, at least initially, with the best of intentions to try to do just that. As Professor Steeves noted, we've now had more than 10 years of experience, and that experience has shown that there is a need for adaptation of the law. So it's not that we're changing something every 10 weeks. But surely every 10 years is enough time to say that there are shortcomings within the legislation on the privacy side that we can fix to ensure that the sorts of broad parameters around some of this activity better reflect what Canadians expect when they venture online.