Again, we are focusing on specifically data practices with respect to children's information. We're looking at the safeguards, tools and rules.
There is a provision under PIPEDA that talks about an organization being responsible for information in its “custody, including information that has been transferred to a third party for processing.” They “shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.”
However, the focus of the investigation here is very much in terms of what ByteDance is doing with the information of children.