That's a very good question.
It's challenging. I think there are small fixes in terms of tools, direction, and guidance in drafting better privacy policies and more condensed or short-form privacy policy templates, as you suggest.
In terms of ubiquitous and continuous collection, people have suggested that there should be pop-ups from time to time to remind people that their information is being collected by the toaster, for example, and that they might want to think about whether they still want that to be happening. There are those types of things. Some of those could be mandated in legislation. Some could be done through guidance from the Privacy Commissioner.
There are others who suggest, as you know, broader fixes, such as moving all sorts of data collection and considering it fairly routine, and consent wouldn't be required. What worries me about that, of course, is the threshold that there be no risk or no harm. I think that in the big data environment, we're still trying to figure out exactly what the risks and the harms are. It's not always obvious at the outset what the implications of the collection of certain types of data are going to be, depending on what is then subsequently collected by someone else and put together.
I think there are some very serious challenges there, and I wish I could say, “Here are the three things that need to be done”, but I'm still struggling with it myself.