- Canada Vows to Amend Bill C-22 to Better Define Encryption and Metadata Rules
- The move comes after a massive backlash from big tech and privacy technology companies.
- Minister of Public Security remains firm that the legislation “has to happen”
Following intense backlash from tech giants, privacy advocates, and some top VPN providers, the Canadian government has announced that it will amend the controversial legal access legislation known as Bill C-22.
The proposed law is designed to help law enforcement and the Canadian Security Intelligence Service (CSIS) access digital information during high-risk investigations. However, critics argued that its broad technological demands would effectively force companies to build backdoors into encrypted platforms, putting global cybersecurity at risk.
On Wednesday, Public Safety Minister Gary Anandasangaree confirmed that the government is drafting amendments “to ensure there is clarity about what encryption is”, while promising to better define metadata in legislation.
Despite the planned revisions, Anandasangaree stressed that broader pressure for the bill to give authorities legal access to citizens’ data will continue.
“This is something that needs to happen,” he told reporters, noting that police and intelligence agencies need updated tools to combat evolving technological threats.
Tech giants and VPNs threaten to exit
The government’s decision to review the bill comes after weeks of harsh criticism from the tech sector. under the As originally drafted, Bill C-22 would require electronic service providers indefinitely to retain metadata for up to one year and adapt their systems to deliver intercepted data to investigators who have a court order.
Additionally, the legislation allows the Minister of Public Security to issue secret orders forcing providers to recover data or track devices, orders that companies would be legally prohibited from disclosing to their users.
This triggered a unified privacy advocacy from major industry players. Meta and Apple raised the alarm, while Google joined the anti-privacy backlash, warning a parliamentary committee that the legislation “could facilitate foreign interference and weaken users’ global privacy.”
We will not be left behind if C-22 passes. In their current state, VPNs would almost certainly require us to log user identification data. Signal is not based in Canada, so they can just shut down the Canadian servers, but our headquarters is. We pay an ungodly amount of taxes to these corrupt… https://t.co/SUb4yDV7o5May 14, 2026
Apple’s senior director of user privacy and child safety, Erik Neuenchwander, testified Tuesday about the dangers of weakening security.
“When you build a backdoor into an encrypted device, anyone can get through it, and since so much depends on encryption, we can’t take that risk,” Neuenchwander told lawmakers.
The privacy community has been equally vocal.
Proton VPN stated that compromising its no-logs policy is out of the question, while ExpressVPN also argued that its no-logs architecture and encryption are “non-negotiable.”
Secure messaging app Signal, along with NordVPN and Windscribe, threatened to pull their services from Canada entirely if they were forced to comply with surveillance demands.
Political opposition and next steps
The Canadian security community has long maintained that modern encryption leaves them outmatched by criminals. Speaking to CBC, the National Security and Intelligence Committee of Parliamentarians (NSICOP) said encryption, coupled with the large volume of digital data, makes it “difficult and sometimes impossible to collect the information necessary to conduct effective investigations.”
While Anandasangaree claimed that the new amendments will aim to bring the bill’s encryption provisions in line with their US counterparts, the move has not completely quelled political opposition.
As CBC reported, Conservative leader Pierre Poilievre said his party “will have to look at” the amendments first, but added: “So far we are extremely suspicious,” accusing the government of trying to build “a surveillance state.”
The Minister of Public Security responded to protests from the technology industry and questioned its commitment to user safety. “I think there are several areas of misinformation,” Anandasangaree argued. “We live in a world where big tech companies, whether it’s Apple, Google or other big tech companies, operate without any accountability.”
Since the Liberal government has a majority, they can pass the revised Bill C-22 without the support of the Conservatives, the NDP or the Green Party, all of which have expressed opposition. It remains to be seen how far the new amendments will go to actually protect user privacy.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
