Thank you, Chair.
Thank you very much to our witnesses. We've heard some fascinating information here.
I don't even know where to begin, but I'm going to just start, Ms. Grimes, with you.
You said that unbeknownst to most Canadians—I think this is fairly common knowledge—online activities are surveilled. We have data-mining going on out there. We have spiders. We have bots. We have all kinds of things that are downloaded onto people's computers unwittingly. We have spyware, malware, adware, and whatever you want to call it tracking people's activities, whether they're on a laptop or a mobile device. In these user agreements, we agree that our information will be allowed. It's in our settings in our devices whether or not we want to allow cookies, for example, on our computers. It's in our settings on our iPods and our iPads. We get push notifications. We can turn these kinds of things on or off. An educated user will have to make a little bit of an effort to do that. We can get third-party software that will help us protect, for example, our computers at home that our children are on when they're trying to do their homework, so that I as a parent can get notification on what kinds of activities my children may or may not be doing online.
And that's going to be a question I have for you: Do you think my child has the right to be able to do that on a computer, without me knowing what my child is actually doing? I'll save that question for the end.
In all of these agreements, I have one choice: I either accept the terms of the agreement in its entirety or I don't. That's the choice I have. I don't have the option to parse parts out.
My question, broadly, for all three of you is do you think there should be a legislative or a regulatory requirement to have these kinds of agreements parsed out in such a way that an end-user can actually have the ability to select which parts they're going to agree to, or which parts they're not going to agree to? Most of these things set defaults on how my information is going to be shared with a company like Acxiom, which frankly has me terrified.
I know how these things work, because I used to be a database administrator. I understand how these data points are collected, and many of these things are collected without my knowledge. I'm sure my name's in Acxiom, because I'm an avid computer user, or if it's not in Acxiom it's somewhere else. Somebody has information about me and my browsing habits and my user habits, and so on. So this is a very frustrating thing.
Why can I as a user not have the ability to choose which parts of the agreement I want to agree with and which parts I don't? Is that a reasonable thing, from a regulatory environment point of view, for a government to be involved in?