Much of the discussion around the new lawful access bill (Bill C-22) has focused on provisions that improved upon Bill C-2, notably the decision to scrap the warrantless information demand power by requiring judicial oversight for access to subscriber information. Yet despite that improvement, there remain serious privacy concerns with the government’s latest iteration of lawful access. Buried in the second half of Bill C-22 is a provision granting the government the power to require “core providers” to retain categories of metadata, including transmission data, for up to one year. This is mandatory metadata retention that would require telecom and electronic service providers to store information about the communications of all their users, regardless of whether those users are suspected of anything. It is one of the most privacy invasive tools a government can deploy and the international experience suggests that there are major privacy risks.
Archive for March 17th, 2026

Law Bytes
Episode 275: David Loukidelis on Why Stripping Privacy Enforcement from Canada’s Privacy Commissioner in Bill C-36 is Unnecessarily Risky Policy
byMichael Geist

June 22, 2026
Michael Geist
Search Results placeholder
Michael Geist on Substack
Recent Posts
Why the Government’s Plan for a Social Media Ban in Bill C-34 Is Unconstitutional
Outdated Data and Dubious Comparisons: Digging into the Government’s AI Strategy Adoption Claims
Why Being Locked Out of Frontier AI is The Sovereignty Threat Canada Missed
Blocked Twice: How Bill C-34’s Kids’ Social Media Ban Would Compound the Online News Act’s Harm to Young Canadians’ News Access
The Law Bytes Podcast, Episode 275: David Loukidelis on Why Stripping Privacy Enforcement from Canada’s Privacy Commissioner in Bill C-36 is Unnecessarily Risky Policy

