Thanks again, Chair.
Commissioner, it seems that a lot of what we're looking at when we look at Facebook, Cambridge Analytica, and AIQ is along the lines of dealing in stolen property. One company acquires improperly harvested personal data and then markets it or transfers it to other unassociated bodies and we have a company like AIQ that says they didn't do anything wrong in harvesting the data. They developed programs based on data that was given to them by another party.
Do you think it's time for specific legislation in this, again, relatively lawless, borderless digital world where, when data is used by a third, fourth, or fifth party, there has to be some identification of the origin of that data?