At this point, it's not so much areas of concern as trying to understand where the EU would like to focus what it's doing. I think the European Commission and the EU rules definitely take a very citizen-oriented approach to data protection. It is very clear that with thoughts about a more “opt-in” regime, they are handing a significant amount of power to the individual to control their data and to understand where it's going. It is different from PIPEDA. In the past, we have had very good discussions around the privacy regime related to PIPEDA. It has been reviewed more than once by the European Commission and has been found to be a strong regime.
For us, as we continue to work in some of our international fora—I would point to two that are particularly important—we'll be able to evaluate how PIPEDA is standing up internationally. Also, on two of the important fora, the OECD, the Organisation for Economic Co-operation and Development, has very important guidelines that they've put out on privacy and digital security, which were recently reviewed and updated.
Canada was the lead on the subcommittee that resulted in these updated guidelines being put out. One of the purposes of the guidelines is to say that we want to understand how to make privacy regimes interoperable, because if the data can't flow across borders and is kind of landlocked, it's not very useful. Effectively, we want to prevent non-tariff barriers being imposed on this very important economic driver.