One Step Forward, Two Steps Back: Bill C-36 Modernizes Canada’s Privacy Law, Then Delays It to 2030
One Step Forward, Two Steps Back: Bill C-36 Modernizes Canada’s Privacy Law, Then Delays It to 2030
https://www.michaelgeist.ca/2026/06/billc36/
Publish Date: 2026-06-18 08:55:00
Source Domain: www.michaelgeist.ca
Canada’s private sector privacy law is more than 25 years old and there is broad consensus that a modernization is long overdue. Bill C-36, tabled on Monday, is the government’s third attempt at updating the law, following the failed efforts with Bill C-11 in 2020 and Bill C-27 in 2022. My first post on the new bill focused on what I think remains both the most important development and the biggest mistake: the decision to push the Privacy Commissioner of Canada out of private-sector privacy and to place the file with an overloaded digital safety commission. For years, privacy critics have argued that, given the absence of order-making powers or serious penalties, Canada’s biggest shortcoming has been weak enforcement. Yet just as the government adds much-needed new rights and penalties to the privacy law framework, it undermines enforcement once again by introducing a new regulator that will take years to establish. The consequence is that, rather than updating the law for 2027, it is updating it for 2030 or later.
I have some additional concerns about the regulatory structure discussed below, but this post focuses primarily on the substance of what is called the Protecting Privacy and Consumer Data Act or PPCDA. The changes fall into three groups: reforms that are genuinely new; a larger set of changes that are welcome but recycled almost intact from the Bill C-11 and Bill C-27 efforts; and a third group that raises significant uncertainty, with key issues left to a regulator or regulations that do not exist.
The government has been emphasizing safeguards for children, and the stronger protections for children in the PPCDA stand out, with a single definition of a child as anyone under 18, the classification of children’s information as sensitive, a best-interests-of-children factor the regulator must weigh, and a higher bar before a child’s request to delete their information can be refused. The bill also provides a statutory definition of…
![Federal social media bill threatens to undermine privacy rights, alienate youth: critics [audio] – NB Media Co-op](https://nbmediacoop.org/wp-content/uploads/2026/06/SocialMediaBanJun122026.jpg "Federal social media bill threatens to undermine privacy rights, alienate youth: critics [audio] – NB Media Co-op")
