I think long-term challenges will focus on the digital innovations we're seeing, on making sure there is the legal framework and on making sure the OPC has the internal expertise to provide good advice on that, in terms of codes of conduct.
There have been some discussions on de-identification and the prevention of reidentification. What is appropriate? How do you accept it, and what kinds of mechanisms do you need to put in place so de-identification is accepted as such? Are you minimizing the risk of reidentification? This is fundamentally important to ensure there is that framework.
On artificial intelligence, more and more of these decisions are being made by algorithms using information, so how do you address that? There were some elements in the GDPR and Bill C-11 related to algorithmic transparency, understanding how those decisions are made and, ideally, being able to challenge those decisions. From a human rights standpoint, there were concerns raised about profiling, so how do you deal with this technology that is at an accelerating pace?
I think this is one of the challenges. Technology is accelerating very quickly, and legal amendments not as quickly. We need to find ways.