Much of the discussion around the new lawful access bill (Bill C-22) has focused on provisions that improved upon Bill C-2, notably the decision to scrap the warrantless information demand power by requiring judicial oversight for access to subscriber information. Yet despite that improvement, there remain serious privacy concerns with the government’s latest iteration of lawful access. Buried in the second half of Bill C-22 is a provision granting the government the power to require “core providers” to retain categories of metadata, including transmission data, for up to one year. This is mandatory metadata retention that would require telecom and electronic service providers to store information about the communications of all their users, regardless of whether those users are suspected of anything. It is one of the most privacy invasive tools a government can deploy and the international experience suggests that there are major privacy risks.
Archive for March 17th, 2026
Recent Posts
The Lawful Access Privacy Risks: Unpacking Bill C-22’s Expansive Metadata Retention Requirements 
The Law Bytes Podcast, Episode 261: Ian Goldberg on the Privacy Risks of Age Assurance Technologies 
Government Enacts Political Party Anti-Privacy Rules With Bill C-4 Royal Assent Sprint 
A Tale of Two Bills: Lawful Access Returns With Changes to Warrantless Access But Dangerous Backdoor Surveillance Risks Remain 
Words Are Not Enough: Countering Relentless Antisemitic Violence in Canada With Action
