It started with an unexpected early-morning announcement on June 3, 2026, from Marc Miller, the Minister of Identity and Culture. Mr. Miller said that the government planned to direct the Canadian Radio-television and Telecommunications Commission (CRTC), Canada’s broadcast regulator, to review its two-week-old decision that imposed hundreds of millions in new investment requirements on internet streaming services. My Globe and Mail essay that appeared over the weekend notes that the move came as a surprise, not only because he had chastised the commission a month earlier for moving too slowly, but also because it marked a major reversal of a core Canadian digital policy that had been years in the making. The decision sent shock waves through the cultural sector, but it was only the start.
Post Tagged with: "c-36"
New Rights, New Powers, Long Delays: Bill C-36’s Seven-Step Process for Privacy Reform to Take Effect
The government’s recently tabled privacy reform bill would modernize many aspects of Canadian privacy law, including establishing privacy as a fundamental right in the purpose clause of the new law, creating a data mobility right for individuals that would enable them to move their data from one company to another, and giving businesses the potential to use approved codes of practice. These and many other changes will be subject to intense debate at committee, but the biggest challenge facing the bill is the long sequence of steps required for it to take effect. The government may claim that privacy is an urgent priority, and its recent national AI strategy, overseen by AI Minister Evan Solomon, declares trust to be its “north star”, yet a careful review of Bill C-36 confirms that the law will take years to take effect. This post and the accompanying infographic unpack the many steps built into the bill that, cumulatively, are likely to result in no substantive privacy reforms for Canadians until 2030 or later.
One Step Forward, Two Steps Back: Bill C-36 Modernizes Canada’s Privacy Law, Then Delays It to 2030
Canada’s private sector privacy law is more than 25 years old and there is broad consensus that a modernization is long overdue. Bill C-36, tabled on Monday, is the government’s third attempt at updating the law, following the failed efforts with Bill C-11 in 2020 and Bill C-27 in 2022. My first post on the new bill focused on what I think remains both the most important development and the biggest mistake: the decision to push the Privacy Commissioner of Canada out of private-sector privacy and to place the file with an overloaded digital safety commission. For years, privacy critics have argued that, given the absence of order-making powers or serious penalties, Canada’s biggest shortcoming has been weak enforcement. Yet just as the government adds much-needed new rights and penalties to the privacy law framework, it undermines enforcement once again by introducing a new regulator that will take years to establish. The consequence is that, rather than updating the law for 2027, it is updating it for 2030 or later.
Canada’s Digital Super-Regulator: Bill C-36 Pushes Out the Privacy Commissioner and Hands Private Sector Privacy to an Overloaded Commission
In the last act of an incredibly intense digital policy stretch, the government today tabled new private sector privacy legislation in the form of Bill C-36, the Protecting Privacy and Consumer Data Act. It is a big bill, and my initial take will be divided into two: this post will focus on the seismic shift the bill creates for privacy administration and enforcement, and a second post (hopefully tomorrow) will discuss the substantive changes and additions. I start with the enforcement side because the most consequential feature of C-36 is the question of who will administer the rules. The bill firmly cements the Digital Safety Commission as a new digital super-regulator in Canada, stripping the Privacy Commissioner of authority over private sector privacy law and handing it instead to the same five-member commission the government created a few days ago to police online harms. I believe the approach is unprecedented among peer countries and will have negative repercussions for Canada’s standing in the privacy world. Indeed, removing an Agent of Parliament from private-sector privacy enforcement after decades isn’t something you tuck into a lengthy bill, but rather requires extended public consultation and analysis on how best to ensure Canada has effective privacy enforcement. This is a stunning abrogation of good policy development and a poorly conceived vision of the breadth and importance of privacy.
Privacy as a Fundamental Right? The Government’s Terrible Privacy Track Record Suggests Virtue Signalling Over a Genuine Commitment
The government is set to introduce its long-promised privacy reform legislation early this week, with the recognition of a fundamental right to privacy expected to serve as a foundational element of the bill. Establishing privacy as a fundamental right would be a welcome and long-overdue development, one that many have called for and that was set to be added to Bill C-27, the prior attempt at privacy reform. Yet the framing is difficult to square with the government’s actual record on privacy, which over the past year has involved a steady stream of privacy-invasive measures that leave the fundamental rights rhetoric feeling more like virtue signalling than a genuine commitment. Simply put, the government cannot credibly claim to treat privacy as a fundamental right while actively undermining that right through a series of other bills and efforts to sideline the Privacy Commissioner of Canada.











