Okay, great. That was helpful.
I know, Mr. Garon, that you weren't able to be here last time and your colleague was filling in. I had asked a question that I think is important for this debate. If personal information is not deemed sensitive, that doesn't necessarily mean that it's not protected and that it doesn't have some pretty stringent requirements that have to be followed.
I think that's important to realize. Just because some personal information.... If we over-regulate, in the sense that every piece of personal information or a very large swath of it can be deemed sensitive, then it will require that high bar of express consent, which could lead to not being able to recognize context dependence and which doesn't allow the OPC to issue guidance and evolve with guidance. It leads to consent fatigue, which I think is something that we should take seriously.
Are there any specific factors that are listed there that are problematic from your perspective? There are some of them that I think we agree with generally, and some of them that I have concerns with. I think financial information was one, and perhaps there was the biometric one as well.
Mr. Schaan, can you maybe illustrate that a bit?