I hesitate to talk about the gold standard. Many people, when asked what the gold standard is, refer to the European Union's GDPR. It is certainly an excellent standard. There are similarities between our recommendations for law reform and the European GDPR. It is an excellent standard. Other countries have adopted similar laws—not exactly the same law.
I'm not advocating that Canada adopt a carbon copy of the GDPR, but there are elements of the GDPR that make a lot of sense, such as the rights basis, proactive audits and objective standards. By the way, the GDPR is sometimes, if not often, characterized as “prescriptive”, i.e., adopting rules that are too minute and get in the way of commercial operations. This is in contrast to Canada's laws, which are principles-based—PIPEDA being principles-based.
I think it is a misconception to talk of the rights-based law as a prescriptive law. A principles-based law is in Canada's interest. We need to have tech-neutral and industry-neutral laws in the technological sector. That makes a lot of sense. In the very same way, a rights-based law protects citizens with rules that are at the same level of generality as a principles-based law. Therefore, both principles-based law and rights-based law are equally adaptable and flexible to the digital world, which is a necessity with the digital world.