I am very supportive of all the comments that have been made. We had this debate when I was at the OPC. We did a public consultation, and the question came up about an AI start-up processing terabytes of data. It's not about the size; it's about the amount of data and the kind of data.
To your earlier question as well, I'll just add to some of the comments I made earlier about consent exceptions. I think there is an opportunity to align more closely with the GDPR in the sense of making it available to a broader range of organizations—small, large, etc.
When we're dealing with health data, for example—and I've seen this while working across Canada—we have some small, vulnerable population groups, and they can't anonymize that information with such a small population, so how do we bring that data together? How do we bring health care data together? It's partly through some of these current provisions where there is de-identification. We take out the person's name and we put in a pseudonym, but we still link and then produce really interesting, important statistics.
That's the one thing I wanted to bring forward.