My last question is about the differentiation between data and information. When information is collected about me as a user on the site, my personal information is there, if I happen to be creating an account, for example, but there are also traces of my user information, the sites I go to, things that I may visit, my interests, my hobbies. They can glean this kind of information.
When it comes to reselling this information or data, are you confident, from an industry self-regulation perspective, and comfortable with the fact that enough de-identification of some of the personal things is actually happening? If they happen to know what age group I'm in and what I happen to be looking at or shopping for on the Internet, that's one thing; if they know my name, address where I live, and what I'm shopping for on the Internet, that's a completely different thing.
Are you satisfied that there's enough de-identification? Do we have enough legislative framework around the de-identification of the information that's being resold between the data collector and those who might be interested in it?