Your caution is right. I know you just became a grandfather, I think again, very recently. Congratulations on that.
This is obviously an important part of the government's obligation as everything shifts to digital, and everybody is doing everything with tablets and smartphones at their convenience.
The approach to the legislation is about the consent that's offered. As you know, in the world of big data and in the world of collecting that data, we need to make sure children understand the risks that are online. Not all of this, of course, can be done or frankly should be done as a quasi-parenting function of the government. We all have an obligation to protect ourselves, those we care about, and the broader society.
But we also have institutions and bodies, such as the Privacy Commissioner, the Government of Canada, through legislation like PIPEDA, or through privacy legislation that we have as the Government of Canada more broadly when we're dealing with citizens' interaction with the government to ensure we are protected. This legislation takes steps to ensure, when a child is online and giving consent or sharing information, that the language used is, frankly, plain-spoken and can reasonably be expected to be understood by a child. I know that's a very subjective way of saying it.
Let's say, for example, that a child goes onto a website of a cartoon figure and provides his personal email address, home address, or phone number. That information was drawn out of the child. He's using the website in a way that was duplicitous or not clear, or the child might have given that information in a way...that was duplicitous, and a parent later finds out about it. That is reported to the Privacy Commissioner. The Privacy Commissioner can then take action. The entity putting up that website is forced to immediately take down the website and re-offer that information in a more responsible way.
Yes, there is some subjectivity in all of this, but the approach we've taken is to entrust the Privacy Commissioner with this approach, based on experiences in other jurisdictions around the world, in the trial and error they've had in trying to put in place this kind of public policy. Those firms that don't comply with this certainly can face penalties from the government, or by extension the Privacy Commissioner, and certainly some name-and-shame capacities. You would think that some of these firms, if they're engaged in this kind of behaviour.... If the Privacy Commissioner were to issue a report saying they were engaged in an approach of data collection about our kids that is unsafe and that violates the privacy of our kids, I think that would be a death sentence to that firm.
The powers that are in here are incredibly powerful in the free market for firms that are engaged in this kind of a process. The fine, as my deputy has just signalled to me, is $10,000 up to $100,000 either per data breach or per abuse of the privacy of individuals, including kids.