It depends on the country. In Europe and elsewhere, such as in some Latin American countries, Japan, and, if I am not mistaken, South Korea, the approach we suggest exists, which is to have the protective provisions enforced within a human rights framework.
Then there are considerable penalties so that consumers can have confidence that their data is being handled with respect for their privacy. As one of the committee members said earlier, many companies are acting in a compliant manner, but some really need incentives. So there need to be significant penalties, and there are penalties in their legislation.
I would remind you that failures like Clearview AI's would not be subject to administrative penalties under the provisions of Bill C-11, which is rather hard to understand.