Unless you establish clear signalling and a prioritization within the act, you end up with what we have had for the last period of time, which is that privacy too often becomes an afterthought on legislation that has a significant privacy impact.
On the legislative side, baking privacy into the process is important, not so much privacy by design, so to speak, as it's sometimes referred to, but rather ensuring that there's a recognition that considering the privacy implications of legislation is essentially part of the legislative-making process.
Further, and this was touched on in David's comments a moment ago, where you're confronted with some of the really challenging issues that the last question raised around location, around transfer to what we might see as low protection jurisdictions, whether for sharing purposes or other transfer purposes, one of the ways to at least begin to think about whether or not this is something we ought to be doing or whether or not there ought be some limitations established is to conduct privacy impact assessments.
The move to enshrine that legislatively has a signalling effect, and it also may have a real world effect in ensuring those kinds of things happen.