We have seen with the GDPR that the comprehensiveness of that regulation and its extrajurisdictional applicability became the global standard very quickly. It was a bar that was set high. Yes, a lot of organizations and a lot of companies whined and complained and said that it was going to cost them a lot of money to comply with the law, and they did it anyhow.
We can see the same thing if Canada takes an approach for AI regulation for privacy that has teeth.
I remember when Jennifer Stoddart declined to be reappointed, and she said that PIPEDA could use a little more teeth. That was tough talk. PIPEDA needs it. We can do it, but there needs to be political will.