
Canada Is Quietly Dismantling Digital Privacy - And You're Probably Not Paying Attention
A Quiet Shift in Canadian Digital Privacy
If you've been following the legislative fire-hose coming out of Ottawa in 2025 and 2026, you might have caught headlines about hate crimes legislation or online safety for kids and moved on. Reasonable - these things sound good on their face. By and large I think the majority of people agree that the internet and mostly, social media has gotten out of hand, and we want children protected, and hate crimes and infringement on free speech, stifled and prosecuted.
>But buried inside three concurrent federal bills is a surveillance architecture that, taken together, represents the most significant erosion of Canadian digital privacy in a generation.
This isn't tinfoil-hat territory. These new laws have drawn such powerful negative attention that multiple companies have threatened to leave Canada entirely:
- Signal has threatened to leave Canada.
- Windscribe - a Toronto-headquartered & Canadian VPN - has said it will relocate its headquarters out of Canada.
- NordVPN is considering the same.
- Apple, Meta, and even the Canadian Chamber of Commerce have all raised the alarm.
- Even chairs of the U.S. House Judiciary and Foreign Affairs Committees have written to Ottawa warning that one of these bills threatens American national security.
Let's break down what's actually in these bills, what the realistic worst-case scenarios look like, and - critically - what you can do about it right now, armed with some knowledge and new skills.
>Regardless of where you stand politically, these developments deserve attention because they affect every Canadian who uses the internet.
The Bills: What They Say vs. What They Mean
Bill C-22 - The Lawful Access Act (March 2026)
This is the big one. Introduced by Public Safety Minister Gary Anandasangaree in March 2026, Bill C-22 is the standalone successor to the sweeping surveillance provisions that were buried inside Bill C-2 (the Strong Borders Act) in June 2025. Those warrantless demand powers drew such universal backlash - from civil liberties groups, legal scholars, the opposition parties, and the tech industry - that the government was forced to strip them out and return with a dedicated bill.
The federal government's stated position is that law enforcement and intelligence agencies are increasingly unable to access information they are already legally authorized to obtain because modern technologies, encrypted communications, and cloud services have outpaced existing laws.
According to Public Safety Canada, the legislation is intended to modernize investigative capabilities while preserving Charter protections and judicial authorization requirements. Critics argue that the bill could establish the technical framework for broader surveillance capabilities in the future.
Privacy Commissioner submissions, legal experts, and technology companies have raised concerns regarding:
- Expanded access to subscriber information.
- New obligations imposed on electronic service providers.
- Data retention requirements.
- Confidential ministerial orders.
- Reduced transparency regarding government access requests.
- Potential pressure on encrypted services.
>
Importantly, the government maintains that the legislation does not authorize mass surveillance and does not explicitly require encryption backdoors.
I personally think it's a VERY slippery slope. Once the technical caveats are met and a system is in place, it's very easy to want to use and abuse it. Anyone remember what Snowden leaked about the USA?