Yes. Certainly there's an opportunity to provide clarity to people about what information they're providing and what it's going to be used for, either right away or in the future.
One of the challenges with Facebook, for example, is that when I signed up a long time ago—and I'm not on there now—its privacy statement may have said one thing and then 10 years later it's had a number of different updates. Now it's doing all of this different advertising; it wasn't advertising when I started. In that respect, there do need to be clear statements and clear guidelines. I think there's a role for government to provide that legislation and those regulations so that companies know what they need to provide to consumers, voters, political parties, and whomever to let them know what's going to happen, what they can do get their information back if they don't want it to be used, and what type of notification requirements there are. All of that stuff should really be included.
With respect to going as far as the GDPR does in all of the ways, I know there are a number of services in the U.K. and Europe that have had to shut down, not because they're doing anything wrong, but simply because of the IP restrictions and limitations. They're working on ways to work within the rules to still provide those services. We have to be cautious about how that's done, but there's certainly a lot of room for opportunity there.
