Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare

The resurgence of Canada’s surveillance agenda through Bill C-22 reflects a broader global trend of governments seeking unfettered access to digital communications. By obligating telecoms, messaging apps, and other online platforms to store a full year of metadata, the bill creates a treasure trove of behavioral data that can be weaponized by both state actors and malicious hackers. The requirement mirrors earlier proposals like Bill C‑2, which collapsed under privacy‑rights backlash, suggesting that policymakers are willing to double‑down despite public opposition.

At the heart of the controversy is the backdoor provision, which permits the Minister of Public Safety to compel companies to build access points into their services as long as they do not introduce a “systemic vulnerability.” The language is deliberately ambiguous; any definition of a systemic vulnerability that excludes the backdoor itself effectively nullifies the safeguard. This loophole mirrors the UK’s 2025 demand on Apple to weaken its Advanced Data Protection feature, a move that forced the tech giant to disable the strongest encryption option for UK users. Such precedents underscore the risk that legal mandates can erode the very security mechanisms that protect user data.

The opposition from Apple, Meta, and US congressional committees signals that the bill could have cross‑border ramifications. If Canada adopts a model that normalizes forced decryption, allied nations may feel pressure to adopt similar statutes, creating a fragmented global landscape where privacy protections vary dramatically. For Canadian businesses, compliance could mean costly infrastructure upgrades and heightened liability for data breaches. Ultimately, Bill C-22 threatens to reshape the digital rights framework in Canada, with potential ripple effects for international privacy standards.