We're investigating some of these issues, including the Uber case, which is all fine and good. We will try our best to find the truth and make recommendations.
I think part of the solution starts with sanctions. There have to be credible sanctions that give a message to people who would otherwise violate the law that they need to get in line.
As to international norms, it's a laudable objective. I would start with having co-operation between DPAs, data protection authorities, of various countries, and try to harmonize laws to the extent possible.
That brings me to the issue of adequacy and whether Canada's laws should be closer to the GDPR. International norms are laudable—