Ms. Scassa, in your opening preamble, you mentioned business. Right now, the difference between the GDPR and Canada is that we don't have a privacy-by-design or privacy-by-default mechanism. Do you think that's important, or is that a first step to making sure not only that businesses are somewhat concurrent with GDPR but that the relevancy is there?
You also mentioned SMEs. Do you think that, by process, there should be some sort of privacy document or privacy agreement that would be standardized across the Internet, to the extent that we can do it, whereby privacy trust marks could also be used? In this way, we would be helping consumers when they interact with certain businesses to have the confidence that the company has a privacy-by-design or privacy-by-default mechanism and, more important, that it has been authorized by some sort of body so that they would have confidence and there would be a privacy trust mark there. Would that be something that you think would be viable?