On Bill C-22, which I Lovingly Refer to as Bill C-an We Not-22

21 May, 2026

What is Bill C-22?

Bill C-22 is also called the "Lawful Access" bill, or "An Act respecting lawful access."

It is, essentially, the Part II, the Electric Boogaloo, to Bill C-2, the "Strong Borders Act"; So basically, the sequel to a border bill that nobody wanted.

C-22 would, according to the EFF:

[force] digital services, which could include telecoms, messaging apps, and more, to record and retain metadata for a full year, and expands information sharing with foreign governments, including the United States.

In that same article, the EFF describes Bill C-22 as a "repackaged version of last year's privacy nightmare" (that's Bill C-2).

With its broad applicability and unclear impacts on end-to-end encryption, it would be the biggest invasion of Canadians' digital privacy in a long time, and would add unacceptable risk of significant data breaches.

Now, it does not touch the content of your communication, and you may be thinking - how bad can this be, then?

Image by ev on Unsplash. Glitched and edited.

Quite Bad, Actually

... for a number of reasons:

1. Just because this bill does not touch the contents of your communication, this doesn't mean that this isn't going to be a massive treasure trove of information. Metadata reveals a lot of information about you, such as who you talk to, when you talk to them, where you were when you talked to them, what device you used,... And remember, this not only includes texting family and friends, but also your doctor, therapist, or lawyer. This blanket data storage yields incredibly detailed information patterns on every single individual, and thus infringes on the privacy of millions of Canadians:

2. It is unclear whether this bill would mean the end of end-to-end encrypted (e2ee) messaging as we know it in Canada. The fact that this is not clear is not a good thing, and is one of the central points of contention around this bill.
3. According to this open letter undersigned by many organizations and individuals, "private companies impacted by the bill will be able to use these forcibly created data troves for their own commercial ends." Neat! Also, remember the Canadian Tire data breach!?
4. On top of that, it paves the way for more **"information sharing" with foreign governments.** Including the United States. I'm sure I don't need to explain why this may be an issue.
5. The bill would make it possible for the government to be able to force companies to add a backdoor to their apps/services/platforms. Famously, backdoors get exploited for data breaches (Hello, Salt Typhoon!)
6. This bill, if implemented, is absolutely going to have knock-on effects that further compromise our privacy:
   1. Secure chat app Signal has already warned that it would pull out of Canada completely if made to comply with with Bill C-22. I don't know about you, but I am not keen on going back to WhatsApp. Like, at all.
   2. NordVPN has also said they would rather leave Canada than compromise on their privacy.

Without any prior public consultation or notice, Part 2 of Bill C-22 will now also empower the government to require any digital service provider to record and retain detailed metadata on every single person in Canada or abroad, damaging the privacy of millions who are not suspected of committing any crime or posing any security threat.

How to Take Action

This is important: There are only a few days left to take action. Five, at time of this writing (21 May 2026).

You can review the timeline of the Bill here, as well as see future steps & where we are now. As of today, May 21, the Bill text is still open to amendments. Meaning, changes can still be made. After this period is over - not so much.

Check out the Act section on DontSurveil.Me to see what actions you can take. The most important one:

• Email your MP with your thoughts, and ask them to vote against this Bill. They are your representative; they should hear your thoughts!
  • OpenMedia has made a form letter available here. As always, I recommend you contact your representative with your own thoughts, in your own words, rather than copy-pasting a form letter. You are a person who has individual thoughts, and words to put them into! Plus, form letters may or may not be sent straight to the bin, depending on who you are emailing. Use the form letter as a baseline or for inspiration, but make it your own!
• Contacting your MP is the most important bit, but there are a couple other actions you can take:
  • Boost content around C-22 on your social network of choice. A lot of folks just aren't aware this is happening - or that this is going to affect every single one of us. You can share this article, or one of the many links I have included.
  • Start using secure chat and email apps like Signal and Proton - there is power in numbers!
  • Support digital rights and privacy organizations.

Further Reading & Links You Can Share

• Don't Surveil Me - C-22 is an excellent primer that details the history of similar bills/Acts, why this bill is problematic, and what you can do.
• Scrap Unprecedented Surveillance Measures in Bill C-22 - The Canadian Civil Liberties Association (CCLA)
• What the Government isn't Telling You About C-22 - OpenMedia
• Canada's Bill C-22 is a Repackaged Version of Last Year's Surveillance Nightmare - The Electronic Frontier Foundation (EFF)
• OpenMedia's open letter, undersigned by many organizations & individuals
• The full text of the bill, as presented during First Reading.

Follow this blog via RSS | Find me on Mastodon | Bubbles

Recent Posts

• 21 May, 2026 On Bill C-22, which I Lovingly Refer to as Bill C-an We Not-22
• 20 May, 2026 Alternatives Pt. II - Social Networking
• 09 May, 2026 💌 Newsletter #008 - Of Age Gating (still), Claudia Delusions, and Getting Left Behind

#blog #privacy #tracking