On the oversight piece, the second piece you mentioned, I noted that in your opening remarks you said that apps that have information will be removed after three months, that permissions will be revoked if it looks as though they're being abused. However, our committee has heard that once somebody has access to this large volume of information about an individual, they can create psychosocial behavioural profiles of that person, so that even, for instance, in the case of Cambridge Analytica, if the information has been returned to Facebook and deleted from the servers, it doesn't matter anymore because they have that behavioural profile, which then could be in the hands of anybody.
How do you prevent that from happening, and how do you make sure that flow of information is stemmed to begin with?