Thank you.
I just have one question. Then I'll pass my time on to one of my colleagues.
It's the question about being able to provide an administrative penalty, Madam Commissioner. You've often referred to the European model, which has a scale based on the size of the company in question and so on.
What could you do and what would be considered fair, outside the judicial system's practice of due process before the law? In the event of a material breach of an individual's privacy, whether a data breach at a banking institution or whatever the case might be, what size of penalty do you think you would need in order to appropriately levy a fine to provide a deterrent or an adequate punishment for a company such as Google or Facebook or some such, which are multi-billion-dollar companies?