Canada's Bill C-22: Lawful Access Returns with Warrantless Access Changes and Persistent Surveillance Risks
Canada's Bill C-22, the Lawful Access Act, has been introduced, marking a new phase in the long-standing debate over lawful access. This bill follows a previous attempt to include similar provisions in Bill C-2, which faced significant backlash due to rules permitting widespread warrantless access to personal information, deemed constitutionally questionable. Bill C-22 addresses two primary aspects: law enforcement access to personal information held by communication service providers and the development of surveillance capabilities within Canadian networks. The bill is divided into two parts, with the first focusing on "timely access to data and information" and the second establishing the Supporting Authorized Access to Information Act (SAAIA). Initial assessments suggest improvements in the data access component compared to the earlier Bill C-2.
The decades-long battle over lawful access in Canada has entered a new phase with the introduction of Bill C-22, officially known as the Lawful Access Act, on March 13, 2026. This legislative development follows a previous attempt last spring to embed lawful access provisions within Bill C-2, a border measures bill that represented the new government’s initial piece of substantive legislation. The lawful access elements within Bill C-2 were met with immediate and strong opposition due to their inclusion of unprecedented rules that would have permitted widespread warrantless access to personal information. These rules were widely considered to be on very shaky constitutional ground, prompting the government to ultimately reset its approach to lawful access by proceeding with the border measures in a separate bill.
However, the issue of lawful access has resurfaced with Bill C-22. This new bill covers two main aspects central to lawful access. Firstly, it addresses law enforcement access to personal information that is held by communication service providers, such as Internet Service Providers (ISPs) and wireless providers. Secondly, it focuses on the development of surveillance and monitoring capabilities within Canadian networks. The structure of Bill C-22 itself is divided into two distinct parts. The first half of the bill is dedicated to dealing with "timely access to data and information." The second half is responsible for establishing the Supporting Authorized Access to Information Act (SAAIA).
Initial analysis of Bill C-22 suggests that the component concerning access to data and information shows significant improvement compared to its predecessor. The earlier iteration of a new information demand power, as seen in Bill C-2, was noted for its astonishing breadth, covering a scope far wider than what is now proposed. Further extensive coverage of this bill is anticipated, including detailed discussions on relevant blogs and podcasts.
