Liberal government’s troubling approach to privacy revealed in new legislation
Published: 2025.06.10
Two federal bills, one about borders and one about affordability, contain buried provisions that will erode Canadians’ privacy rights.
June started out as a busy legislative month for the federal government, and two freshly-introduced bills are generating concerns for privacy advocates across the country. As we attempt to make sense of this and determine how to respond, It is important to bear three ideas in mind.
First, if passed, the bills contain provisions that will erode privacy rights in general, either by expanding law enforcement powers or by exempting political parties from privacy rules that govern other types of organization. Second, while the broader content of the bills will be the subject of the kinds of polarized and partisan standpoints that characterize contemporary Canadian politics, there is both historical and recent multi-party support for the provisions that erode privacy. And third, neither of the bills appear at first glance to be about privacy at all. Indeed, major changes in privacy policy are buried in legislation that is presented as being about borders and affordability.
Lawful Access Redux
On June 3, the government introduced the massive 16-part Strong Borders Act, C-2. The Strong Borders Act was announced as a sweeping border security initiative, and it has been subject to considerable criticism for its immigration and asylum provisions from various groups, including the Canadian Association of Refugee Lawyers. Buried in the bill, and generally unrelated to matters of border security, are provisions that would grant law enforcement agencies ‘lawful access’ powers.
The concept of lawful access has a long and complicated history in Canada. Liberal and Conservative governments have, since 1999, been seeking to provide law enforcement and security agencies powers to access subscriber data held by Internet Service Providers without the need for a warrant.
In a time when most of our activities are digitally mediated, data about these activities can paint a detailed picture of our lives. As such, we have a Charter-protected reasonable expectation of privacy in relation to this information. Proponents of lawful access have argued that police need generally unfettered access to this data in order to engage in investigations related to online criminal activity, particularly in cases involving child pornography and exploitation.
Opponents have noted that subscriber and transmission information can reveal a great deal about the online activities and identities of individuals, and should therefore be protected by the time-tested requirement to ‘get a warrant’. Law enforcement agencies have attempted to interpret existing laws to include lawful access provisions, but the Courts have disagreed. The Supreme Court of Canada, in the 2014 Spencer decision, upheld the need for police to obtain court orders before seeking to compel Internet Service Providers to disclose subscriber information. The Court further recognized privacy rights in relation to IP addresses in its decision in the 2024 Bykovets case.
The Strong Borders Act embeds lawful access in a suite of new powers for peace officers and public officials: an ‘information demand’ provision that requires providers to indicate whether they have certain data about an individual who is suspected of an offence of any type, ‘global production orders’ that compel providers to share information if there is reasonable grounds to believe that an offence has or will be committed – and allow for warrantless production orders in exigent circumstances, and ‘authorized access to information’ provisions that would allow law enforcement agencies sweeping access to the systems of ‘electronic service providers’.
It is important to emphasize that these are general investigatory powers that extend well beyond border security. They are general extensions of the investigative capabilities of law enforcement, and they warrant consideration and debate as such. There is a definite ‘Trojan Horse’ dynamic to their inclusion in a massive border bill that has a great deal of political momentum.
Political Privacy
The introduction of the Strong Borders Act was followed, on June 5, by Bill C-4, the Making Life More Affordable for Canadians Act, which which has the long title “An Act respecting certain affordability measures for Canadians and another measure”. It turns out that the ‘other measure’ in this case is a series of amendments to the Elections Act that function to exempt federal political parties from federal and provincial rules that govern the collection, use, and disclosure of personal information. This is a classic example of a legislative bait-and-switch.
There are two questions at the heart of the current political privacy debate: First, how to Canada’s federal privacy laws apply to the collection, use, and disclosure of personal information by federal political parties, and second, How do provincial privacy laws apply to federal political parties?
Canadian jurisdictions (federal, provincial, and territorial) generally have separate privacy laws for public bodies and private or nonprofit organizations. The federal political parties have taken the position that they do not have to abide by the rules that apply to public bodies or the rules that apply to the private sector. Bear in mind that they also practice a form of electoral politics that is intimately connected to the collection and analysis of information about the voting public. In other words, the political parties have the same voracious appetite for personal information that characterizes corporations, but they have essentially written themselves out of the rules that would otherwise apply to these activities.
The stance of the federal parties has collided with the laws of Canada’s provinces, with British Columbia as the key site of contestation. BC’s privacy laws do not treat political parties – provincial parties or provincial branches of federal parties – as special organizations that are exempt from privacy rules. This matter is currently before the courts, in the landmark Liberal Party of Canada v. The Complainants, 2024 BCSC 814 case. In this case, the federal parties have argued that BC’s Personal Information Protection Act does not apply to them, and that BC’s Office of the Information & Privacy Commissioner has no jurisdiction over them. It is important to note that, in a rare display of solidarity, the Liberal Party of Canada, the Conservative Party of Canada, and the New Democratic Party of Canada have taken the same position in this case.
How does Bill C-4 relate to this? First, it provides that federal political parties may carry out “any activities in relation to personal information, including the collection, use, disclosure, retention and disposal of personal information in accordance with the party’s policy for the protection of personal information”. However, party policies are not governed by federal privacy laws or subject to independent oversight. In essence, this allows political parties to write the rules that they must follow and to take responsibility for ensuring compliance.
C-4 goes further, though. In a specific response to the issues at the heart of the Liberal Party of Canada v. The Complainants, 2024 BCSC 814 case, the bill also recognizes an exemption from provincial privacy laws.
To be clear, this bill positions the federal political parties in a space beyond the reach of Canada’s federal and provincial privacy laws. For the sake of comparison, consider the rights of a client of a BC-based business. BC’s Personal Information Protection Act recognizes a company’s legal responsibilities regarding the collection, use, and disclosure of personal information, and it provides individuals with rights of access and correction, as well as rights of review by an independent body. The federal political parties, via C-4, would exempt themselves from such obligations. Individuals in Canada have similar rights under federal privacy law when dealing with public bodies or federally-regulated corporations, but C-4 carves out a clear exception for federal political parties.
It is understandable if readers are not familiar with the political privacy provisions of C-4. When François-Philippe Champagne, the Minister of Finance and National Revenue, rose in the House of Commons to call for the second reading of C-4 on June 6, his remarks focused on themes of affordability, the consumer carbon tax, tax supports for homebuyers, and related economic issues. These themes dominated the following debate, with the only mention of the Elections Act provisions coming from Nunavut NDP MP Lori Idlout’s questions about why such reforms were bundled with the affordability measures of the Bill. The response from the government was essentially a shrug and a brief comment that the provisions should be supported.
To make matters worse, the House of Commons Order Paper and Notice Paper for June 10 indicates that the government is seeking to move the bill forward for a second reading and referral to the Standing Committee on Finance. Privacy-related bills are typically referred to the House Standing Committee on Ethics, Access to Information, and Privacy (ETHI). Parking political privacy provisions in this affordability act ensures that the ETHI Committee will not have the opportunity to engage with them.
A Quiet Erosion of Privacy
There is something wearyingly familiar about these bills. The Strong Borders Act’s enhancement of state powers and erosion of rights in the name of security are reminiscent of post-9/11 lawmaking. Then, as now (and as ever), governments spoke about the imperatives of security and the need to defend society from threatening others. Then, as now, civil liberties groups pointed out that sweeping new law enforcement and surveillance powers would undermine our privacy rights, and they cautioned that measures rationalized as responses to extraordinary security threats would become normalized parts of the law enforcement repertoire. This is precisely what is occurring.
When the federal election writ dropped, the BC Freedom of Information and Privacy Association circulated questionnaires and surveys to the major federal political parties and their candidates. The goal of this effort was to get parties ‘on the record’ regarding key issues related to access to information, information management, and privacy. FIPA knew that information and privacy rights were not likely to be addressed in the federal election platforms (and this turned out to be correct), but we were also aware that it was likely that new legislation would have implications for privacy and the right to know.
Information and privacy rights were not central election issues, for understandable reasons. The federal election was defined by a small set of core themes. However, it was inevitable that information and privacy rights would be impacted by legislation advanced by any party that formed government, and it did not take long for this to happen.
In a participatory democracy, we can expect to disagree on matters of law and policy. I regard the lawful access provisions of C-2 as an unreasonable expansion of state powers and an encroachment on individual privacy rights, and I find the federal political parties’ ‘rules for thee, but not for me’ approach to privacy rules, as enshrined in C-4, egregious. I am happy to make the case for these positions, and to engage with those who hold different views. What I cannot abide is the circumvention of serious debate about these matters, and this is precisely what is occurring right now. Privacy is in peril.
Mike Larsen is a faculty member of the Criminology Department at Kwantlen Polytechnic University, and the President of the BC Freedom of Information and Privacy Association (FIPA). FIPA is an Intervenor in the Liberal Party of Canada v. The Complainants, 2024 BCSC 814 case mentioned in this article.
You help us fulfill our mandate and stay independent. Every contribution – big, small, one-time, or recurring – makes a difference. Click here to donate.
