What is Bill C-22?
What Is Bill C-22? Bill C-22, officially titled An Act respecting lawful access , is a Canadian federal bill introduced in 2026. Its short title is the Lawful Access Act, 2026 . In
What Is Bill C-22?
Bill C-22, officially titled An Act respecting lawful access, is a Canadian federal bill introduced in 2026. Its short title is the Lawful Access Act, 2026. In simple terms, the bill is about updating how Canadian law enforcement agencies and the Canadian Security Intelligence Service, also known as CSIS, can access certain types of digital information during investigations.
The main idea behind Bill C-22 is that crime, national security threats, and online harm have changed in the digital age. People now use messaging apps, online platforms, cloud services, and digital accounts in everyday life. The government argues that police and security agencies need modern legal tools to investigate serious crimes and threats effectively.
At the same time, Bill C-22 has raised privacy concerns. The debate is not only about whether police should be able to investigate crime. Most people would agree that serious crimes should be investigated. The real question is how far the government should be allowed to go when requesting digital information, what safeguards should exist, and whether the bill could affect privacy, metadata, and encrypted services.
What does Bill C-22 try to do?
Bill C-22 aims to modernize Canada’s lawful access framework. “Lawful access” means access to information by police or security agencies using legal authority. This can include warrants, production orders, court authorizations, or other legal mechanisms.
The bill proposes changes to several laws, including the Criminal Code and the CSIS Act. It also creates a new framework called the Supporting Authorized Access to Information Act. This new framework is designed to make sure that electronic service providers can support legally authorized access to information.
In plain English, this means that companies providing digital services may be required to have systems or procedures that allow them to respond to lawful requests from Canadian authorities.
What kind of information is involved?
Bill C-22 is often discussed in relation to subscriber information, transmission data, and metadata.
Subscriber information can include basic information connected to an account or service. For example, it may help identify who is associated with a phone number, IP address, account, or online service.
Transmission data is information about the movement or routing of communications. It is not necessarily the content of a message, but it can show how, when, or where a communication moved through a system.
Metadata is one of the most controversial parts of the discussion. Metadata does not usually mean the actual content of a message. It does not necessarily reveal what someone wrote or said. However, it can still reveal a lot. It may show who contacted whom, when, how often, from where, and through what type of service.
That is why privacy experts often say metadata is not harmless. Even without reading the content of messages, metadata can create a detailed picture of someone’s life, relationships, habits, and movements.
Why does the government support Bill C-22?
The Government of Canada argues that Bill C-22 is necessary because technology has changed faster than the law. Criminals can use digital platforms, encrypted communications, fake accounts, foreign-based services, and online infrastructure to avoid detection.
The government says the bill is meant to help law enforcement and CSIS investigate threats such as cybercrime, child exploitation, organized crime, terrorism, and other serious offences.
Supporters of the bill may argue that police should not be forced to use outdated tools in a modern digital environment. If people use digital services to commit crimes, investigators need a legal way to obtain relevant information.
From this perspective, Bill C-22 is presented as a public safety bill.
Why are people concerned about Bill C-22?
The concern is that Bill C-22 may give the government too much power over digital information.
One major concern is metadata retention. If service providers are required to retain certain information for longer periods, critics worry this could create a form of mass data collection. Even if the government does not immediately access all the information, requiring companies to store it can increase privacy risks.
Another concern is secrecy. Some parts of lawful access systems may involve confidential or non-public orders. Critics worry that if companies receive secret government demands, the public may not know how often these powers are used or how broad they are.
A third concern is encryption. The government may say that the bill does not directly require a “backdoor” into encrypted services. However, privacy advocates and technology companies worry that broad legal obligations could still pressure companies to weaken encryption or redesign systems to make access easier for authorities.
This matters because encryption protects ordinary people, not just criminals. It protects banking, private conversations, business information, medical data, journalists, lawyers, activists, and everyday users.
Is Bill C-22 the same as a “backdoor law”?
Not exactly.
It would be too simple to say that Bill C-22 directly says, “Companies must create backdoors.” The official government position is more careful than that.
However, the concern is about practical consequences. If the law requires companies to provide access to information in certain ways, critics worry that this could lead to technical pressure on encrypted services. Even if the word “backdoor” is not used, the result could still weaken privacy and security.
So the better way to explain the issue is this:
Bill C-22 is not simply a backdoor law on its face, but critics worry that its access requirements could create pressure that weakens encryption or expands government surveillance powers.
What does the Privacy Commissioner say?
The Office of the Privacy Commissioner of Canada has recognized that Bill C-22 includes some improvements compared with earlier proposals. However, the Commissioner has also said that further amendments are needed to strengthen privacy protections.
The Commissioner’s concerns include the scope of subscriber information, metadata retention, proportionality, necessity, transparency, and encryption safeguards.
This is important because the Privacy Commissioner is not saying that law enforcement should never access information. The issue is balance. The law must allow serious investigations while still protecting Canadians’ fundamental privacy rights.
Why does this matter to regular people?
Bill C-22 matters because it is not only about criminals. Laws about digital access affect the structure of the internet and the privacy rights of everyone.
Most people use digital services every day. Phones, email, social media, messaging apps, cloud storage, banking apps, and online accounts are now part of normal life. If the legal threshold for accessing or retaining digital information changes, ordinary users may be affected even if they have done nothing wrong.
The key point is that privacy is not about hiding crime. Privacy is about protecting personal freedom, security, dignity, and trust in digital systems.
A common argument is, “If you have nothing to hide, you have nothing to fear.” But this argument misses the point. Everyone has personal information that deserves protection. People lock their doors, use passwords, close curtains, and protect bank accounts not because they are criminals, but because privacy is normal.
The core debate
The debate around Bill C-22 is really about balance.
On one side, the government says law enforcement and national security agencies need modern tools to investigate modern threats.
On the other side, privacy advocates worry that the bill could expand government access to digital information, increase metadata retention, reduce transparency, and create pressure on encrypted services.
Both public safety and privacy matter. The difficult question is how to protect both at the same time.
Simple summary
Bill C-22 is Canada’s proposed lawful access law for the digital age. It would update how police and CSIS can request or obtain certain types of digital information from service providers.
The government says it is needed to fight crime and protect public safety. Critics worry it could lead to broader surveillance, metadata retention, secret orders, and possible pressure on encrypted services.
In short, Bill C-22 is not just a technical legal bill. It is a major privacy and public safety debate about how much access the government should have to digital information in modern Canada.
References