- Canada promises to amend Bill C-22 to better define encryption and metadata rules
- The move follows massive backlash from Big Tech and privacy tech companies
- Minister for Public Safety is still adamant that the legislation “must happen”
After an intense backlash from tech giants, privacy advocates and some of the top VPN providers, the Canadian government has announced that it will amend the controversial lawful access law known as Bill C-22.
The proposed law is designed to help law enforcement and intelligence agencies access digital information during high-stakes investigations. However, critics argued that its extensive technological requirements would effectively force companies to build backdoors into encrypted platforms, putting global cyber security at risk.
Wednesday, Public Safety Minister Gary Anandasangaree confirmed that the government is drafting amendments “to ensure there is clarity about what encryption is”, while promising to better define metadata in legislation.
Despite the planned revisions, Anandasangaree stressed that the broader push for the bill to give authorities legal access to citizens’ data will continue.
“This is something that has to happen,” he told reporters, noting that police and intelligence agencies require updated tools to combat evolving technical threats.
Tech giants and VPNs are threatening to leave
The government’s decision to revise the bill comes after weeks of fierce criticism from the technology sector. Under original wording, Bill C-22 would force undefined electronic service providers to retain metadata for up to a year and adapt their systems to hand over intercepted data to investigators who have a warrant.
In addition, the legislation allows the Secretary of Public Safety to issue secret orders forcing providers to retrieve data or track devices, orders that the companies would be legally prohibited from disclosing to their users.
This sparked a concerted defense of privacy by major industry players. Meta and Apple raised alarms, while Google joined the privacy backlash, warning a parliamentary committee that the legislation “could facilitate foreign interference and weaken global user privacy.”
We won’t be far behind if the C-22 passes. In its current state, VPNs will almost certainly require us to log identifying user data. Signal is not headquartered in Canada, so they can just shut down Canadian servers, but our headquarters is. We pay an ungodly amount in taxes to this corrupt… https://t.co/SUb4yDV7o514 May 2026
Apple’s senior director of user protection and child safety, Erik Neuenchwander, testified Tuesday about the dangers of weakening security.
“When you build a backdoor into an encrypted device, anyone can walk through, and because so much depends on encryption, we can’t take that risk,” Neuenchwander told lawmakers.
The privacy community has been equally vocal.
Proton VPN stated that it is out of the question to compromise its no-logs policy, while ExpressVPN also claimed that its no-logs architecture and encryption are “non-negotiable.”
Secure messaging app Signal, along with NordVPN and Windscribe, threatened to pull their services from Canada entirely if forced to comply with surveillance requirements.
Political opposition and next steps
The Canadian security community has long argued that modern encryption leaves them behind faster than criminals. Speaking to the CBC, the National Security and Intelligence Committee of Parliamentarians (NSICOP) said that encryption, along with the large amount of digital data, makes it “difficult and sometimes impossible to gather the information needed to conduct effective investigations.”
While Anandasangaree stated that the new changes will aim to bring the bill’s encryption provisions in line with US counterparts, the move has not completely quelled political opposition.
As reported by the CBC, Conservative leader Pierre Poilievre said his party will “have to see” the changes first, but added, “So far we are extremely suspicious,” accusing the government of trying to build “a surveillance state.”
The Public Safety Minister pushed back against the Big Tech industry’s outcry, questioning their commitment to user security. “We live in a world where big tech, whether it’s Apple, Google or the array of other big tech companies, operate without any accountability,” argued Anandasangaree.
With the Liberal government holding a majority, they can pass the revised Bill C-22 without support from the Conservatives, NDP or Green Party, all of whom have expressed opposition. How far the new changes will go to actually protect users’ privacy remains to be seen.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
