Much of the discussion around the new lawful access bill (Bill C-22) has focused on provisions that improved upon Bill C-2, notably the decision to scrap the warrantless information demand power by requiring judicial oversight for access to subscriber information. Yet despite that improvement, there remain serious privacy concerns with the government’s latest iteration of lawful access. Buried in the second half of Bill C-22 is a provision granting the government the power to require “core providers” to retain categories of metadata, including transmission data, for up to one year. This is mandatory metadata retention that would require telecom and electronic service providers to store information about the communications of all their users, regardless of whether those users are suspected of anything. It is one of the most privacy invasive tools a government can deploy and the international experience suggests that there are major privacy risks.
Archive for March 17th, 2026
Recent Posts
Improv Policy: The Government Doesn’t Know What To Do About Its Online Streaming Act Mess 
Soft Ban or Hard Verification Requirement?: Why Bill C-34’s Social Media Ban Exemption Gets the Incentives Wrong and Comes Too Late to Matter 
New Rights, New Powers, Long Delays: Bill C-36’s Seven-Step Process for Privacy Reform to Take Effect 
The Law Bytes Podcast, Episode 273: Rebroadcast of the Globe and Mail’s The Decibel on Canada’s First Steps Towards a Social Media Ban 
Midnight Madness: The Government Rushes Lawful Access Bill Through the House Without Debate or a Recorded Vote
