By Independent News Roundup
Bill C-22, the Lawful Access Act (2026), mandates that electronic service providers retain user metadata for up to one year, making it accessible to law enforcement and intelligence agencies with a warrant.
The metadata includes location data, device information, and other digital identifiers.
Critics warn the legislation effectively treats the entire population as pre-emptive suspects, building a massive database of personal information ready for government access.
Government Defends Mass Data Retention
Public Safety Minister Gary Anandasangaree defended the bill as a necessary modernization of outdated laws.
“Canada is woefully behind our most important allies,” he said.
“Technology has moved forward; our laws are stuck in the previous century.”
Justice Minister Sean Fraser stood alongside law enforcement officials as the proposal was unveiled.
RCMP senior deputy commissioner Bryan Larkin argued the expanded powers would improve policing outcomes.
“There’s an actual series of tools here that will eventually lead to greater success, greater efficiencies in police investigations, greater solvency in crime, and, quite frankly, improving the safety of Canadians and, more importantly, addressing the concerns of victims,” Larkin said.
Despite the sweeping scope of the bill, Anandasangaree insisted it does not constitute mass surveillance.
“I want to be clear what C-22 is not,” he said.
“It is not about surveillance of Canadians going on about their daily lives.
“It is about keeping Canadians safe in the online space.”
Critics Warn of “Build the Haystack” Surveillance Model
Privacy advocates say the government’s assurances do not match the reality of the legislation.
The bill creates a mandatory data retention regime, requiring companies to warehouse sensitive information on all users in advance.
Critics warn that this is a “collect everything first, investigate later” model.
Even without storing browsing history or social media content, the metadata alone is highly revealing.
Location data can expose where individuals live, work, worship, seek medical care, or participate in political activity, creating a detailed digital profile of daily life.
Tamir Israel, director of the Canadian Civil Liberties Association’s privacy program, warned that the bill crosses a fundamental line.
“Being able to categorically order companies to keep everybody’s information, not just people who are suspected of crimes… is different from getting a company to build a backdoor that then police could walk through to grab information,” Israel said.
“You’re both putting people’s privacy at risk, and you’re creating cybersecurity threats.”
Secret Orders and Gag Rules Raise Alarm
One of the most controversial provisions allows the government to issue secret orders forcing “core” service providers to build surveillance capabilities into their systems.
The definition of these providers has not been fully clarified.
Companies receiving such orders would be legally prohibited from disclosing them, raising concerns about transparency and accountability.
The government claims the law includes safeguards, stating that providers cannot be forced to weaken encryption or create systemic vulnerabilities.
However, critics argue that mandating surveillance infrastructure at scale inherently increases security risks and creates attractive targets for cyberattacks.
Partial Rollback From Earlier Failed Bill
Bill C-22 follows the collapse of Bill C-2, a previous surveillance proposal that faced widespread opposition from across the political spectrum, civil liberties groups, and the tech industry.
The new bill includes some narrower provisions compared to its predecessor.
For example, it limits warrantless inquiries to telecommunications companies and restricts those inquiries to a simple confirmation of whether someone is a customer.
Under the earlier proposal, authorities could have sought broader information, including relationships with professionals such as doctors or lawyers, without a warrant.
New Pathway to Access Foreign Data
The legislation also introduces a mechanism allowing Canadian judges to issue warrants for data held by foreign tech companies.
While not legally binding on those companies, the warrants would provide legal cover for voluntary data sharing, effectively creating a workaround for cross-border data access.
The bill also includes exceptions for “exigent circumstances,” allowing authorities to bypass warrants in urgent situations, an area critics warn could expand over time.
Core Concern Remains Unchanged
Despite revisions, critics say the central premise of the legislation remains intact: forcing private companies to act as data warehouses for the state, holding vast amounts of personal information in case it may be useful later.
Even the government has acknowledged that the bill is a reworked version of its earlier failed attempt.
“One thing I’ve learned is that at times when more work needs to be done on a particular bill, you retreat and you come back,” Anandasangaree said.
“You come back with better consensus, better consultation, and better supports from across the board.”
For opponents, however, the concern is not the details but the framework itself.
The bill creates a system that compels mass data collection first, with justification coming later.