Canada vows to amend Bill C-22’s encryption and metadata rules amid massive tech backlash
Canada vows to amend Bill C-22’s encryption and metadata rules amid massive tech backlash
Publish Date: 2026-05-28 10:55:00
Source Domain: www.techradar.com
- Canada vows to amend Bill C-22 to better define encryption, metadata rules
- The move follows massive backlash from Big Tech and privacy tech firms
- Public Safety Minister remains firm that the legislation “needs to happen”
Following intense blowback from tech giants, privacy advocates, and some of the best VPN providers, the Canadian government has announced it will amend the contentious lawful access legislation known as Bill C-22.
The proposed law is designed to help law enforcement and the Canadian Security Intelligence Service (CSIS) access digital information during high-stakes investigations. However, critics argued its sweeping technological demands would effectively force companies to build backdoors into encrypted platforms, putting global cybersecurity at risk.
On Wednesday, Public Safety Minister Gary Anandasangaree confirmed that the government is drafting amendments “to ensure there’s clarity on what encryption is,” while also promising to better define metadata in the legislation.
You may like
Despite the planned revisions, Anandasangaree emphasized that the broader push for the bill to give authorities lawful access to citizens’ data will continue.
“This is something that needs to happen,” he told reporters, noting that police and intelligence agencies require updated tools to combat evolving tech threats.
Tech giants and VPNs threaten to exit
The government’s decision to revise the bill comes after weeks of searing criticism from the tech sector. Under the original wording, Bill C-22 would force undefined electronic service providers to retain metadata for up to a year, and adapt their systems to hand over intercepted data to investigators holding a warrant.
Furthermore, the legislation allows the public safety minister to issue secret orders forcing providers to retrieve data or trace devices, orders that the companies would be legally prohibited from disclosing to their users.
This triggered a unified defense…
