Thank you for the question.
I haven't looked at the size of data breach fines, which are for something different from simply not obeying the law on consent when sharing personal information.
My remarks on the size of the EU fines were that they relate to whether you respect the law or generally do not, whether there was a data breach, and whether it happened because basically you weren't investing in security. We've seen that time and time again.
I believe that Industry Canada, which drew up the legislation, is best placed to look at what would be appropriate fines. My only point here—and I didn't come here prepared to talk about it, but the question was raised—is that we need some kind of appropriate sanction. How big that is, I can't answer, but I don't think we should go ahead with that part of Bill C-12 at this point, if Bill C-12 lags so far behind the world standard.