I'm coming at this with my corporate criminal liability hat, and this statute is primarily criminal law. That was one of the astonishing things when I first read this bill. Relying on criminal enforcement comes with some costs in terms of how you prepare evidence and put things together.
What I'm concerned about is when we don't have transparency about who's involved with what decisions in relation to this technology. I can't speak to how it's actually done. I think the experts here can say something about that. What we need to insist on is transparency about who does what, because you cannot convict a corporation or an organization in this country without knowing who did what, what their status is and what their decision-making power is in the organization. I will direct you to section 2 of the Criminal Code, if you want to read it.
Even in the case of regulatory liability, where an employee can engage the liability of the organization, you don't need to have a status-based association that they're a senior officer. You still need to know who did what, otherwise you have no evidence. I think it's really important to make sure we create a regime that forces the information out so that then we can assess.
That doesn't mean we're going to convict all the time or that we're going to prosecute all the time, but if everything is hidden, then this is just window decoration. You will never, ever get a prosecution, or even administrative liability, in my view.