Thank you very much, Mr. Chair.
Thank you very much, witnesses, for being here today. I think the other committee members have said it well, that we're learning a great deal today. I really appreciate your expertise in this area.
Let me run a concept by you and get your feedback on it. I'm going to call it, for lack of a better term, a reverse negative billing option as far as the privacy or consent form is concerned. Would it be possible, or do you see it working, that unless a user specifically gives consent for their private information to be held by the user—Facebook, Google, whoever it is—and then disseminated, versus their providing specific consent that it may be used...?
As I understand it now with the privacy policies, it basically says that they can use all this information for anything they want. You click “I agree”. Nobody reads the 15 pages. You just click “I agree” because you want to sign up.
Can it work in reverse? Can we set it...whether through Parliament in our rules or laws, or through companies just getting together? I'm going to talk about your self-regulatory model in a second, as my follow-up question. Can we start to put pressure on these companies—and would it work—to have a privacy policy that works in reverse? For example, “You may not use any of my personal private information for any reason unless I specifically consent to your using that information”. Is that viable? Would it even work?