Here is the short answer. The issue is being raised in the United States. In 1986, I participated in a study the Government of Quebec commissioned to look at all the laws in the world. One particularity of the American laws, when compared with all the other laws in the world, is that the Americans focused too much on details in their regulations. They were tinkering too much, and that froze innovation. That's why I said earlier that personal information protection legislation should apply to the development phases and not to procedures. That was actually one of the recommendations set out in the report called L'identité piratée, where that approach was recommended regarding Quebec's personal information protection legislation. I understand that legislative approach in the U.S. context.
However, Canadian and European laws are more broad. They don't necessarily impose any procedures. They set management objectives that apply more broadly to the production, storage and communication of information. Companies are left with the responsibility to enforce those laws. That approach is more robust with regard to technological evolution, and it enables companies and organizations to enforce the laws.
Since then, I have noted that those are basically sound governance rules, as I was saying earlier. If sound governance rules are applied, companies will benefit. I will give you three quick examples.
In a large communication services company, they realized that the section covering Montreal Island produced 80,000 memos a month. It took one to three minutes to write those memos, which were totally useless and overburdened people who provided customer service. When I did the work in 1995, I realized that small companies, such as day-care centres, consisted of very small units: a secretary and a business manager. At the time, we succeeded in reducing the quantity of useless information managed to the equivalent of three months per person, to say nothing of the impact that had on the service.
In short, there should be as much involvement as possible in logical information phases—the major phases of the information life cycle—and not procedure phases, so as not to complicate everyone's life.
As I was saying, we must also realize that, when it comes to personal information protection, we should stick to sound governance and transparency rules. Issues such as child consent can be resolved from the outside. That matter does not apply only to the use of personal information, but also to all interactions with children. That may be held as a separate and universal principle.
To summarize, we should not deal with this in a sector-based way, like in the United States, or in such a detailed way, but rather as universally as possible, based on governance phases and principles.