Tag

metadata

4 articles

LegislationMay 24, 20268 min read
The European Court of Justice Already Struck Down a Law Like Bill C-22. Here Is What It Found.
On April 8, 2014, the Court of Justice of the European Union (CJEU) handed down its decision in Digital Rights Ireland (joined cases C-293/12 and C-594/12), striking down the EU's Data Retention Directive as invalid. The Directive had required telecoms in member states to retain user metadata — phone numbers, IP addresses, location data, device identifiers — for six months to two years, on every customer, with police access on a production-order standard. The CJEU found this regime to be a "particularly serious" interference with the fundamental rights to private life and personal data protection under Articles 7 and 8 of the EU Charter, and that the interference failed proportionality because (1) the retention applied to all persons without distinction, (2) there was no relationship between the retained data and the threat the regime was meant to address, and (3) safeguards on access were insufficient. The ruling does not bind Canadian courts. The reasoning is highly persuasive and will be central to any future Canadian Charter challenge to Bill C-22.
LegislationMay 21, 20266 min read
Bill C-22 Doesn't Read Your Texts. It Doesn't Have To.
Bill C-22 (Lawful Access Act, 2026) does not require police to read the content of your communications. It requires "core providers" to retain metadata — who you contacted, when, where, on which device — for one year, on every Canadian. Two former directors of the U.S. National Security Agency have been on record since 2014 that metadata is operationally equivalent-to or more useful than content for surveillance. A Stanford study found that five days of phone metadata is sufficient to identify medical conditions, religious affiliation, and sexual relationships. This article walks through what one year of that data reveals about an ordinary person — not as accusation, but as illustration of what becomes knowable about every Canadian under the bill as drafted.
LegislationMay 19, 20267 min read
Bill C-22 Just Passed Second Reading. With a Liberal Majority, the Path to Royal Assent Is Now Mostly Clear.
On April 20, 2026, the House of Commons passed Bill C-22 — the Lawful Access Act, 2026 — at second reading. The bill is now at the Standing Committee on Public Safety and National Security, the last stage where substantial amendments are realistic before the Liberal majority votes it through. The bill mandates one year of metadata retention by "core providers," authorizes the Public Safety Minister to issue secret capability orders to electronic service providers, and lowers the police access threshold for subscriber information from "reasonable grounds to believe" to "reasonable grounds to suspect." Opposition is from a wide coalition: academic privacy law, civil-society groups, the U.S. House Judiciary Committee, technology firms including Meta and Apple, and the Department of Justice's own Charter statement, which is silent on the metadata-retention question. The Privacy Commissioner of Canada has no statutory oversight role under the bill as drafted.
LegislationApril 15, 20266 min read
Bill C-22 Would Require ISPs to Store Your Metadata for Up to a Year
Bill C-22, the Lawful Access Act 2026, is currently at second reading in the House of Commons. It would grant law enforcement expanded powers to access subscriber information, require telecom and internet providers to retain metadata on all users for up to one year, and authorize secret government orders compelling providers to build surveillance capabilities into their networks.

The European Court of Justice Already Struck Down a Law Like Bill C-22. Here Is What It Found.

On April 8, 2014, the Court of Justice of the European Union (CJEU) handed down its decision in Digital Rights Ireland (joined cases C-293/12 and C-594/12), striking down the EU's Data Retention Directive as invalid. The Directive had required telecoms in member states to retain user metadata — phone numbers, IP addresses, location data, device identifiers — for six months to two years, on every customer, with police access on a production-order standard. The CJEU found this regime to be a "particularly serious" interference with the fundamental rights to private life and personal data protection under Articles 7 and 8 of the EU Charter, and that the interference failed proportionality because (1) the retention applied to all persons without distinction, (2) there was no relationship between the retained data and the threat the regime was meant to address, and (3) safeguards on access were insufficient. The ruling does not bind Canadian courts. The reasoning is highly persuasive and will be central to any future Canadian Charter challenge to Bill C-22.

Bill C-22 Doesn't Read Your Texts. It Doesn't Have To.

Bill C-22 (Lawful Access Act, 2026) does not require police to read the content of your communications. It requires "core providers" to retain metadata — who you contacted, when, where, on which device — for one year, on every Canadian. Two former directors of the U.S. National Security Agency have been on record since 2014 that metadata is operationally equivalent-to or more useful than content for surveillance. A Stanford study found that five days of phone metadata is sufficient to identify medical conditions, religious affiliation, and sexual relationships. This article walks through what one year of that data reveals about an ordinary person — not as accusation, but as illustration of what becomes knowable about every Canadian under the bill as drafted.

Bill C-22 Just Passed Second Reading. With a Liberal Majority, the Path to Royal Assent Is Now Mostly Clear.

On April 20, 2026, the House of Commons passed Bill C-22 — the Lawful Access Act, 2026 — at second reading. The bill is now at the Standing Committee on Public Safety and National Security, the last stage where substantial amendments are realistic before the Liberal majority votes it through. The bill mandates one year of metadata retention by "core providers," authorizes the Public Safety Minister to issue secret capability orders to electronic service providers, and lowers the police access threshold for subscriber information from "reasonable grounds to believe" to "reasonable grounds to suspect." Opposition is from a wide coalition: academic privacy law, civil-society groups, the U.S. House Judiciary Committee, technology firms including Meta and Apple, and the Department of Justice's own Charter statement, which is silent on the metadata-retention question. The Privacy Commissioner of Canada has no statutory oversight role under the bill as drafted.

Bill C-22 Would Require ISPs to Store Your Metadata for Up to a Year

Bill C-22, the Lawful Access Act 2026, is currently at second reading in the House of Commons. It would grant law enforcement expanded powers to access subscriber information, require telecom and internet providers to retain metadata on all users for up to one year, and authorize secret government orders compelling providers to build surveillance capabilities into their networks.