Consolidated issue sheets on Bill C-12
Differences between Bill C-2 and Bill C-12
Speaking points
- Bill C-12 would amend a number of laws and regulations with a view to strengthening immigration and border security and combatting transnational organized crime, illegal fentanyl, and illicit financing.
- It reintroduces many parts of Bill C-2 but omits some of the latter’s most controversial elements, including its lawful-access provisions.
- While certain elements of Bill C-12 engage privacy interests, the risks and potential impacts are of an altogether different order of magnitude than aspects of Bill C-2.
- The Minister has indicated that the Government’s view is that Bill C-12 better represents a consensus within Parliament, but that some version of Bill C-2 may advance at a later date.
Background
- Bill C-12 substantially replicates Parts 1 to 3, 5 to 10, and 12 to 13 of Bill C-2, which would amend several laws related to border security, immigration, and transnational crime, including the Customs Act, the Oceans Act, the Department of Citizenship and Immigration Act, the Immigration and Refugee Protection Act, the PCMLTFA, and the Sex Offender Information Registration Act.
- Some of Bill C-2’s most controversial elements have been dropped, including its lawful-access provisions.
- More specifically, the following parts of Bill C-2 are absent from Bill C-12:
  - amendments to the Canada Post Corporation Act to, among other things, enable Canada Post to open letter mail without judicial authorization on the basis of reasonable suspicion (Part 4);
  - amendments to the PCMLTFA to, among other things, prohibit the acceptance of cash payments, donations, or deposits of $10,000 or more (Part 11);
  - amendments to the Criminal Code, CSIS Act, and other statutes to create or modify a range of investigative powers and to facilitate cross-border information-sharing between law enforcement (Part 14);
  - the proposed Supporting Authorized Access to Information Act (Part 15); and,
  - amendments to the PCMLTFA to create a framework for public-to-private information-sharing (Part 16).
Lead: PRPA
Privacy considerations with respect to Bill C-12
Speaking points
- Although Bill C-12 omits some of the most controversial elements of its predecessor, certain provisions still engage privacy interests in that they would create or expand authorities to collect, use, or disclose personal information.
- This includes amendments to the Customs Act to expand the ability of the CBSA and the RCMP to examine goods destined for export, and amendments to expand information-sharing authorities in the Department of Citizenship and Immigration Act and the Sex Offender Information Registration Act.
- From a privacy perspective, the real risk of significant harm that might arise from such amendments is relatively low. However, privacy-enhancing refinements are often possible, in this case most notably with respect to the Customs Act amendments in Part 1.
Background
- Elements of Bill C-12 with potential privacy implications include:
  - amendments to the Customs Act that would require any person who “transports or causes to be transported within Canada goods destined for export” to give CBSA or RCMP officers free access to “any premises or place under the person’s control” where any goods destined for export are “reported, loaded, unloaded or stored” for the purpose of examining those goods (Part 1);
  - amendments to the Oceans Act to provide that coast guard services include activities related to security and to authorize the responsible minister to collect, analyze, and disclose information and intelligence (Part 4);
  - expanded information-sharing authorities under the Department of Citizenship and Immigration Act (Part 5);
  - new authorities for FINTRAC to disclose information to the Commissioner of Canada Elections, and new information-collection and -disclosure provisions for a new enrolment process, both under the PCMLTFA (Part 9);
  - amendments to the Office of the Superintendent of Financial Institutions Act to make FINTRAC a member of the committee established under subsection 18(1), and amendments to the PCMLTFA to enable FINTRAC to exchange information with the other members of that committee (Part 10); and,
  - expanded information-sharing authorities between law-enforcement agencies under the Sex Offender Information Registration Act (Part 11).
Lead: PRPA
Potential privacy-enhancing refinements to Bill C-12
Speaking points
- Given the scope of Bill C-12 and the number of statutes and federal institutions that it implicates, certain aspects of the bill could have privacy impacts.
- When considered against the bill’s policy objectives and the level of risk relative to proposed or existing safeguards, I believe that any such impacts are likely to be proportional and manageable.
- However, privacy-enhancing refinements are often possible, in this case most notably with respect to the Customs Act amendments in Part 1.
Background
- If pressed for specific, privacy-related improvements to the bill, you could consider offering the following recommendations:
- Customs Act: that Part 1 be amended to specify that, if any premises or place referred to in s. 97.01 is a dwelling-house, an officer may not enter that dwelling-house without the consent of the occupant, except under the authority of a warrant issued by a judge on reasonable grounds to believe (as in the current s. 42 of the Customs Act).
- It may also be worth noting that appellate court rulings in Ontario (R. v. Pike, 2024) and Alberta (R. v. Canfield, 2020) have found that s. 99(1)(a) of the Customs Act, which authorizes warrantless searches of imported “goods” without any investigative threshold, violates section 8 of the Charter insofar as it authorizes searches of personal electronic devices. The OPC has previously recommended a standard of reasonable suspicion for such searches; Bill C-12 contains no amendments to this effect.
- Sex Offender Information Registration Act: that Part 11 be amended to define “law enforcement agency” (to clarify the entities amongst whom information may be shared) and to require Canadian law-enforcement agencies to enter into information-sharing agreements with their international counterparts that contain prescribed minimum privacy safeguards; and,
- Department of Citizenship and Immigration Act: that the OPC be consulted on any regulations made under the amended DCIA with potential implications for privacy.
Lead: PRPA
Bill C-12, Part 1: Amendments to the Customs Act
Speaking points
- Part 1 would expand the CBSA’s and the RCMP’s existing inspection powers under the Customs Act by compelling shippers and warehouse operators to grant access to any place or premises under their control and to open any package or container of “goods destined for export.”
- This change could have privacy implications. For instance, as drafted, it could allow officers – with no investigative threshold and without prior judicial authorization – to enter the dwelling-house of a small business owner who operates out of their home and ships goods outside Canada (albeit strictly for the purpose of examining those goods).
- Accordingly, Part 1 could be amended to specify that, if any premises or place referred to in s. 97.01 is a dwelling-house, an officer may not enter that dwelling-house without consent, except under the authority of a warrant issued by a judge on reasonable grounds to believe.
Background
- The CBSA and RCMP have broad powers under the Customs Act to inspect and detain people and goods at ports of entry, where Canadian courts have found that reasonable expectations of privacy are generally reduced.
- For example, s. 99 authorizes officers to “examine any goods that are to be exported” and to “open or cause to be opened any package or container of those goods.” Although this authority is not expressly confined to a particular location, it is unclear how far beyond the physical border it extends.
- Part 1 would expand this authority to “any premises or place” under the control of shippers (s. 97.01) or warehouse operators (s. 97.02). The Government has indicated that the purpose is to bolster the CBSA’s ability to prevent or disrupt the movement of illicit drugs, illegal guns, and stolen vehicles across the border.
- S. 42 of the Customs Act currently allows officers to enter premises and places to conduct inspections relating to the Act’s recordkeeping obligations. It specifies that, if the relevant premises or place is a dwelling-house, the officer must first obtain the occupant’s consent or a warrant issued by a judge on reasonable grounds to believe (ss. 42(2)(c) to (4)).
- Although Canadian courts have found that reasonable expectations of privacy are generally reduced in the customs context, it is unlikely that such expectations would be as low in the context of a home or business with no physical connection to the border.
Lead: PRPA
Bill C-12, Part 4: Amendments to the Oceans Act
Speaking points
- Part 4 would amend the Oceans Act to provide that coast guard services include activities related to security and to authorize the Coast Guard to collect, analyze, and disclose information and intelligence.
- The Government has explained that the purpose of these amendments is to allow the Coast Guard to conduct security patrols and to disseminate information and intelligence to law-enforcement and border-security partners.
- Although in certain circumstances the proposed new authorities could result in the collection, use, or disclosure of personal information, in my view the potential privacy risks are relatively low.
Background
- In a September 2025 order in council, the Government formally transferred control and supervision of the Canadian Coast Guard (CCG) from the Department of Fisheries and Oceans (DFO) to the Department of National Defence (DND).
- Part 4 (clause 25(2)) of Bill C-12 would amend s. 41(1) of the Oceans Act to expand the powers, duties, and functions of the minister responsible for coast guard services to include matters relating to “security, including security patrols and the collection, analysis and disclosure of information or intelligence.” It also provides that the minister responsible for coast guard services “may collect, analyze and disclose information or intelligence.”
- Since the responsible minister’s role under s. 41 expressly excludes any such powers, duties, and functions “assigned by law to any other [federal] department, board or agency,” the new security mandate proposed in s. 41(1) would not overlap with comparable security mandates of other departments and agencies (such as the RCMP or CBSA).
- Information-sharing under the proposed new intelligence-related authority could be overbroad since there are no express limits on the domestic or international partners to whom – or the circumstances under which – disclosures may be made. There is also no express provision for independent oversight (though any sharing of information or intelligence would fall within the purview of the National Security and Intelligence Review Agency).
- Despite these gaps, it is unclear to what extent the CCG would engage in the collection, analysis, or disclosure of personal information in its expanded role.
Lead: PRPA
Bill C-12, Part 5: Amendments to the Department of Citizenship and Immigration Act
Speaking points
- Bill C-12 would amend the Department of Citizenship and Immigration Act (DCIA) to expand the ability of Immigration, Refugees and Citizenship Canada to share specified immigration-related information within the department; with federal, provincial, and territorial partners; and, in certain cases, with other jurisdictions.
- The proposed amendments incorporate a number of privacy safeguards, including prescribed minimum requirements for written information-sharing agreements, a list of the types of information that may be shared, and a prohibition on onward sharing to foreign entities without the written consent of the minister.
- Such safeguards are consistent with TBS policy and the OPC’s longstanding advice on information-sharing, including in connection with the former Bill S-6 (which proposed similar amendments).
Background
- Part 5 would add a new s. 5.4 to the DCIA authorizing the Minister of Citizenship and Immigration to disclose, within the Department of Citizenship and Immigration, any personal information under the Department’s control, subject to any regulations made by the Governor in Council under a proposed new s. 5.7.
- Part 5 would also add a new s. 5.5 to the DCIA authorizing the Minister to disclose specified personal information to any federal or provincial department or agency, including information related to “the identity of an individual and any changes to their identity,” “the status of an individual in Canada and any changes to their status,” and “the contents or status of any document issued to an individual by the Minister.”
- Consistent with previous written advice from the OPC on Bill S-6 (44-1), disclosures under s. 5.5 would be permitted only “under a written agreement or arrangement” with prescribed parameters, including “the elements of personal information that may be disclosed, the purpose of disclosure, any limits on secondary use and subsequent transfer of personal information[,] and any other relevant details.”
- A proposed new s. 5.5(2), which goes further than Bill S-6, would also expressly prohibit onward disclosures to foreign entities except with the written consent of the Minister.
Lead: PRPA
Bill C-12, Part 9: Amendments to the PCMLTFA
Speaking points
- Part 9 of Bill C-12 would make several amendments to the PCMLTFA, including adding a new enrolment regime for most reporting entities, and a new authority for FINTRAC to disclose specified information to the Commissioner of Canada Elections in certain circumstances.
- When considered against the underlying policy objectives and the existing safeguards in the PCMLTFA, I believe that any potential privacy impacts arising from these amendments would be limited and largely acceptable.
Background
- Part 9 would add a new regime to the PCMLTFA that would require most reporting entities referred to in the current s. 5 to “enroll” with FINTRAC (s. 11.4001).
- This process would include a mandatory application to FINTRAC detailing information to be set out in regulations. Enrolled persons and entities would have to renew their enrolment periodically. For its part, FINTRAC would be required to publish certain “identifying information” from the registry (as defined in regulations under s. 54.2(3)).
- The PCMLTFA currently requires FINTRAC to disclose designated information that it receives from reporting entities to the appropriate entity(ies) listed in s. 55(3) if it has “reasonable grounds to suspect that [the information] would be relevant to investigating or prosecuting a money laundering offence, a terrorist activity financing offence or a sanctions evasion offence.”
- Similarly, FINTRAC must disclose designated information to the appropriate entity(ies) listed in s. 55.1(1) if it has “reasonable grounds to suspect that [the information] would be relevant to threats to the security of Canada.”
- The PCMLTFA’s definition of “designated information” includes a variety of potentially sensitive personal and financial information (ss. 55(7) and 55.1(3)) in connection with certain financial transactions, attempted transactions, or importations or exportations of currency or monetary instruments.
- Part 9 would amend the list of organizations in ss. 55(3) and 55.1(1) to add the Commissioner of Canada Elections (CCE), subject to an additional threshold of “reasonable grounds to suspect that the information is relevant to investigating or prosecuting an offence or violation under the Canada Elections Act or an attempt to commit such an offence or violation.” While this standard is not particularly onerous or restrictive, the addition of the CCE does not significantly broaden the information-sharing already permitted under ss. 55(3) and 55.1(1).
Lead: PRPA
Bill C-12, Part 11: Sex Offender Information Registration Act (SOIRA)
Speaking points
- Part 11’s proposed amendments to SOIRA raise privacy considerations in that they could result in expanded information-sharing between law-enforcement authorities for the purposes of the Act.
- For example, the proposed amendments would lower the required threshold for disclosures and extend the list of persons to whom disclosures may be made to include, among others, any federal, provincial, or municipal department or agency.
- In my view, when considered against the underlying policy objectives and the purpose, principles, and existing safeguards in SOIRA, I believe that any potential privacy impacts arising from these amendments would be limited and justifiable.
- However, Part 11 could be improved by adding a definition of “law enforcement agency” and a requirement for information-sharing agreements with appropriate safeguards.
Background
- The SOIRA sets out a framework for the collection of accurate and up-to-date information about convicted sex offenders with a view to ensuring that police can effectively prevent and investigate crimes of a sexual nature. It contains several provisions designed to restrict access to and the use and disclosure of registry information so as to protect “the privacy interests of sex offenders” (s. 2(2)(c)).
- Canadian courts have repeatedly observed that the right to privacy is not absolute: the Charter protects a reasonable expectation of privacy that must be balanced against the necessity of interference from the state in the public interest. In that regard, the courts have also held that convicted sex offenders have reduced expectations of privacy.
- Since the term “law enforcement agency” is not defined in the SOIRA or in Bill C-12, Part 11 could potentially result in overbroad, interjurisdictional information-sharing between authorities with some form of law-enforcement role.
- Accordingly, Part 11 could be amended to define “law enforcement agency” and to require that Canadian authorities enter into information-sharing agreements with their international counterparts that incorporate minimum privacy safeguards, such as limits on secondary use and onward sharing.
Lead: PRPA
OPC views on information-sharing agreements (ISAs)
Speaking points
- Certain authorities in Bill C-12 would enable specific federal institutions to share information, in some cases potentially sensitive personal information, with foreign and domestic government partners.
- The TBS Directive on Privacy Practices (s. 4.2.33 - 4.2.34) requires federal institutions to establish ISAs with appropriate safeguards and other prescribed elements before disclosing personal information to any other public or private-sector entity (unless the information is disclosed under an international treaty or in accordance with international standards).
- However, this requirement lacks the force of law. That is why, absent a general statutory obligation in the Privacy Act, I have repeatedly recommended requirements for ISAs in bills that contemplate potentially significant disclosures of personal information.
Background
- While s. 8(1) of the Privacy Act requires institutions to obtain consent before disclosing personal information (PI), s. 8(2) sets out over a dozen exceptions, some of which are broad (e.g., “for any purpose in accordance with any Act of Parliament or any regulation made thereunder” (s. 8(2)(b))).
- The OPC has previously recommended the following with respect to s. 8(2):
  - a necessity and proportionality requirement for all uses and disclosures of PI that would apply to recipient institutions;
  - that the regular sharing of PI between Government of Canada (GoC) institutions require written ISAs;
  - that the sharing of PI between the GoC; the government of a province, territory, or municipality; or a foreign government or entity require written ISAs;
  - that ISAs define the specific elements of PI to be shared and the purposes for the sharing; limit secondary use and onward transfer; and include such other elements as may be prescribed by regulation;
  - that institutions notify the OPC of all new or amended ISAs, and that the OPC be given explicit authority to review and comment; and,
  - that institutions publish information about the nature and extent of ISAs that they have entered into (subject to limited exceptions).
Lead: PRPA
Stakeholder concerns about Bill C-12
Speaking points
- From a privacy lens, Bill C-12 omits some of the most controversial elements of Bill C-2, but it has continued to attract criticism from civil society, including from advocates for migrant and refugee rights.
- In my view, it is important that lawmakers attend to such voices, take their concerns seriously, and carefully consider their proposed amendments, which can often result in substantial improvements.
- However, given the scope of my mandate and role, I will refrain from commenting further because many of the concerns that have been raised in connection with Bill C-12 are not strictly related to privacy.
Background
- Civil liberties groups have expressed a number of concerns about Bill C-12, as reflected in the following representative quotes:
  - “Bill C-12 […] replicates Bill C-2’s erosion of migrant and refugee rights” (Canadian Civil Liberties Association).
  - “Civil society organizations […] are reiterating their call for a full withdrawal of [Bills C-2 and C-12], including the egregious expansion of surveillance powers that remain in Bill C-2, and the immigration provisions that restrict access to protection and expand mass status-cancellation now included in Bill C-12” (Amnesty International Canada).
  - “The measures proposed in […] Bill C-12 undermine established immigration legal processes and expand the government’s discretionary powers. The legislation, if passed, would cause Canada to compromise fundamental principles in a way that mirrors concerning developments in the United States” (Canadian Immigration Lawyers Association).
  - Bill C-12 “would allow the government to cancel en masse people’s immigration applications and even cancel visas or permanent residence cards of people already in the country. On top of this, [it] retains an enforcement-first approach to drug policy, ignoring decades of evidence showing that criminalization and prohibition are driving the current toxic unregulated drug crisis” (Greenpeace Canada).
  - If passed, Bills C-2 and C-12 “would mark one of the most dangerous rollbacks of refugee rights in recent history, abandoning Canada’s commitments to international law, due process, and the fair treatment of those seeking protection” (Lead Now).
Lead: PRPA
Immigration information-sharing agreement with the United States
Speaking points
- Since 2010, my Office has held numerous consultations with IRCC on the expanded sharing of immigration information between Canada and the U.S., including on the Canada-U.S. Visa and Immigration Information Sharing Treaty (the Treaty) that came into effect in 2012 and was amended in July 2024.
- While negotiations to update the agreement began in 2021, I note that IRCC only first consulted the OPC in May 2024 regarding possible amendments to the Treaty.
- It is concerning that the general intentions and privacy safeguards outlined in the Treaty are largely discretionary. To ensure a more privacy-protective approach, I have recommended that IRCC produce clear and specific guidance on the implementation of the privacy safeguards.
Background
- Following the Beyond the Border Action Plan, Canada signed the Agreement Between the Government of the United States of America and the Government of Canada for the Sharing of Visa and Immigration Information with the U.S. in 2012 to enable systematic sharing between the two countries on nationals seeking to enter Canada or the U.S. temporarily or permanently, including refugee resettlement applicants.
- IRCC recently consulted the OPC on the implementing arrangements of the Treaty. The OPC is still assessing certain of those arrangements, including those pertaining to biometrics.
- The OPC issued several recommendations to IRCC, the main one being to produce guidance to ensure privacy safeguards are in place. IRCC is still considering how to implement the OPC’s recommendations.
- The amended Treaty expands the scope to include information sharing about permanent residents and aims to have the program operational by the end of this calendar year. The personal information of Canadian citizens is not currently being shared under this Agreement, and proposed changes would not extend to them.
Lead: Promotion and Engagement
Privacy rights at the border
Speaking points
- While border security is undoubtedly a pressing and substantial government objective, Canadians do not automatically forfeit their constitutionally protected rights at the border, including the right to be secure against unreasonable search and seizure.
- In Canada, the courts have recognized that reasonable expectations of privacy are generally reduced at the border, where they must be balanced against state interests in regulating the movement of people and goods for the purposes of trade, public safety, or national security.
- On this basis, the courts have found that routine searches at the border do not require individualized suspicion.
- However, while the border context may temper Charter protections, the courts have also found that it does not eliminate them.
- For example, appellate courts in Ontario (R. v. Pike, 2024) and Alberta (R. v. Canfield, 2020) have found that the CBSA’s reliance on s. 99(1)(a) of the Customs Act to search personal electronic devices without a warrant violates section 8 of the Charter in that it fails to establish a suitable threshold for what is a highly intrusive search.
Background
- The Court in R. v. Simmons, [1988] 2 S.C.R. 495, held that “the degree of personal privacy reasonably expected at customs is lower than in most other situations” (para. 49). It also stated that “no constitutional issues are raised” by “the routine of questioning [travellers] at a port of entry, accompanied in some cases by a search of baggage and perhaps a pat or frisk of outer clothing” (para. 27).
- In R. v. Canfield, 2020 ABCA 383, the court held that “s. 99(1)(a) of the Customs Act is unconstitutional to the extent that it imposes no limits on the searches of [digital] devices at the border,” although it declined to specify a minimum threshold (paras. 7, 75).
- In R. v. Pike, 2024 ONCA 608, the court held that s. 99(1)(a) of the Customs Act is unconstitutional insofar as it authorizes searches of digital devices because s. 8 of the Charter requires that border officers have reasonable suspicion to search travellers’ digital devices without a warrant (paras. 1-2, 27-28, 33, 78).
Lead: Legal
Scope and objectives of Bill C-8
Speaking points
- The OPC supports the objective of Bill C-8 to protect systems and services that are vital to national security or public safety from cybersecurity threats and vulnerabilities.
- Stronger cybersecurity protections can also promote privacy by reducing the likelihood and impact of breaches involving personal data.
- At the same time, new powers and authorities granted in the name of cybersecurity must be appropriately scoped and subject to suitable guardrails in order to limit the risk of unintended privacy impacts.
- With that in mind, I have previously recommended that this Committee consider amending Bill C-8 to ensure a consistent standard of necessity and proportionality for any collection, use, or disclosure of personal information; that information-sharing agreements provide for minimum privacy safeguards; and that the Communications Security Establishment be required to notify my Office when made aware of cybersecurity incidents involving a material privacy breach.
Background
- Part 1 of Bill C-8 would amend the Telecommunications Act (TA) to add promoting the security of Canada’s telecommunications system as a policy objective and to provide the GIC and Minister of Industry with order-making powers to that end.
- It would also amend the TA to create new authorities for the collection and disclosure of information by the Ministers of Industry, Public Safety, Foreign Affairs, and National Defence, the Chief of the Defence Staff, the Communications Security Establishment, CSIS, and the CRTC.
- Part 2 would enact the Critical Cyber Systems Protection Act (CCSPA), which would authorize the GIC to designate certain services or systems in federally regulated sectors as “vital”; to identify classes of operators that would be subject to cybersecurity directions and regulations; to issue cybersecurity directions; and to require designated operators to establish and implement cybersecurity programs, mitigate supply-chain risks, and report cybersecurity incidents.
- The systems and services in scope of the Act include telecommunications, interprovincial or international pipe and power lines, nuclear energy, transportation, banking, and clearing and settlement (i.e., of payment obligations).
Lead: PRPA
Privacy implications of Bill C-2
Speaking points
- In contrast to Bill C-12, several elements of Bill C-2 have significant implications for privacy rights and interests.
- When assessing the reasonableness of such provisions, key questions include: do they strike an appropriate balance between privacy rights and state interests? Do they provide for adequate oversight, accountability, and transparency? Are thresholds for the exercise of investigative powers appropriate in light of their potential invasiveness?
- The OPC’s assessment is also guided by the principles of necessity and proportionality: in other words, is the intrusion on privacy demonstrably necessary to achieve a legitimate objective, and is the degree of intrusiveness proportional to the benefits to be gained?
- The Minister of Public Safety has acknowledged that Bill C-2 does not achieve the necessary balance between privacy and law-enforcement objectives; I agree.
- My office has met with officials from Public Safety about Bill C-2 and expressed interest in being engaged on potential amendments to the Bill that may be contemplated as the Government considers the way forward.
Background
- Bill C-2 was introduced in the House by the Minister of Public Safety in June 2025. In October 2025 the Minister introduced Bill C-12, which consists of 11 parts originally put forward in Bill C-2 but excludes some of its most controversial elements, notably:
  - amendments to the Canada Post Corporation Act to permit the demand, seizure, detention, or retention of anything in the course of post in accordance with an Act of Parliament and to enable Canada Post to open letter mail (Part 4);
  - amendments to the Criminal Code, the CSIS Act, and a number of other statutes to create or modify a range of investigative powers (including a warrantless “information demand”) (Part 14);
  - the proposed Supporting Authorized Access to Information Act, which would require electronic service providers to have the technical and operational capabilities to facilitate access to information by authorized persons (Part 15); and,
  - amendments to the PCMLTFA that would establish a framework for public-to-private information-sharing whereby reporting entities may collect and use personal information disclosed to them by the RCMP or government entities (Part 16).
Lead: PRPA
Bill C-2, Part 4: Canada Post Corporation Act (CPCA)
Speaking points
- Part 4 of Bill C-2 would expand Canada Post’s general inspection power (s. 41) to include letter mail, based on the existing threshold of reasonable grounds to suspect.
- The Government has explained that the amendments in Part 4 are intended to help stop the flow of drugs in Canada, particularly opioids like fentanyl, which can be shipped by post in small amounts.
- However, since letters may contain sensitive personal information in which senders and recipients have a significant privacy interest, the current proposed standard of reasonable suspicion may be too low.
Background
- Under the current s. 40(3) of the CPCA, “nothing in the course of post is liable to demand, seizure, detention or retention” except as authorized by the CPCA and its regulations, the CSIS Act, the Customs Act, and the PCMLTFA.
- Part 4 of Bill C-2 would amend the CPCA to allow anyone authorized by any Act of Parliament to search and seize mail, without an express requirement for a warrant. Absent language limiting this authority to peace or public officers, this could include private-sector entities and state actors not formally tasked with the enforcement of laws.
- S. 41 of the CPCA currently allows Canada Post to open non-letter mail if there are reasonable grounds to suspect that it is not compliant with the CPCA regulations or that it constitutes “non-mailable matter.”
- Part 4 would expand this inspection power to include letters, based on the same threshold of reasonable suspicion and subject to no transparency or reporting requirements.
- In 2023, s. 41 was amended to require reasonable suspicion following the decision in R. v. Gorman (2022 NLSC 3), in which the Supreme Court of Newfoundland and Labrador ruled that it violated s. 8 of the Charter because it allowed for the search of non-letter mail without an objective standard.
Lead: PRPA
Bill C-2, Part 14: “timely access to data and information”
Speaking points
- Part 14 is among the most complex components of Bill C-2 and also contains some of its most significant privacy risks.
- Among other things, it would create or modify a number of investigative powers – primarily in the Criminal Code but also in the CSIS Act – and lay the groundwork for expanded data-sharing between foreign and domestic law-enforcement authorities.
- The Minister of Public Safety has publicly acknowledged that the Bill as drafted does not achieve the necessary balance between civil liberties and law-enforcement interests; I agree.
- My office has met with officials from Public Safety about Bill C-2 and expressed interest in being engaged on any potential amendments to the Bill that may be contemplated as the Government considers the way forward.
Background
- Some of the most contentious elements of Part 14 include:
- the proposed new information-demand power that would enable law enforcement and CSIS to compel “persons who provide services to the public” to produce potentially sensitive information related to the provision of services, without prior judicial authorization and based on a threshold of reasonable grounds to suspect;
- the breadth of the definition of “subscriber information” and of the undefined term “person who provides services to the public”;
- the short (five-day) timelines that recipients would have to challenge information demands and production orders; and,
- the concern that certain provisions will pave the way for expanded cross-border data-sharing between law enforcement without adequate privacy safeguards.
- One noted Charter expert has described these and related provisions in Bill C-2 as “the most significant expansion of investigative search powers in Canada in over a decade.”
Lead: PRPA
Bill C-2, Part 15: Supporting Authorized Access to Information Act (SAAIA)
Speaking points
- The proposed SAAIA would enable the government to require electronic service providers to have the necessary capabilities to facilitate access to information by authorized persons under the Criminal Code and CSIS Act.
- I recognize that, in some cases, service providers may be unable to comply with judicially authorized requests from law enforcement, for example, because of end-to-end encryption or data-retention policies.
- However, the Government’s proposed solution could introduce new problems and lacks privacy-protective safeguards, including independent oversight for government orders, necessity and proportionality requirements, transparency and accountability measures, and a definition of what constitutes a “systemic vulnerability.”
Background
- The SAAIA would empower government to impose obligations on electronic service providers (ESPs) operating or providing services in Canada with respect to:
- the “development, implementation, assessment, testing and maintenance of operational and technical capabilities,” including capabilities relating to extracting and providing persons authorized under the Criminal Code or CSIS Act access to information, intelligence, and data (s. 5(2)(a)); and,
- the “installation, use, operation, management, assessment, testing and maintenance of any device, equipment or other thing” for enabling persons authorized under the Criminal Code or the CSIS Act to access information, intelligence, and data (s. 5(2)(b)).
- The GIC would be empowered to impose such obligations on unspecified classes of “core” ESPs by regulation (ss. 5(1) and (2)); the Minister of Public Safety would be empowered to do so on specific ESPs by order (s. 7(1)).
- Service providers would be exempt from complying with any obligation that would require them to introduce, or to refrain from addressing, a “systemic vulnerability” in electronic protections (ss. 5(3) and 7(4)), but the definition is left to regulations.
- Section 15 would impose strict confidentiality requirements on service providers, which could create cybersecurity risks by preventing them from reporting such vulnerabilities to appropriate authorities.
Lead: PRPA
Bill C-2, Part 16: Amendments to the PCMLTFA
Speaking points
- Expanded information-sharing can promote important law-enforcement and national-security objectives, including the detection or deterrence of money laundering, terrorist-activity financing, and sanctions evasion.
- However, given the potential impacts on privacy, authorities to disclose information should always be narrowly tailored and incorporate adequate thresholds and other safeguards appropriate to its sensitivity.
- In my view, the public-to-private information-sharing regime proposed in Part 16 could be improved by adopting additional safeguards, including from the PCMLTFA’s existing private-to-private framework.
Background
- Part 16 would permit a PCMLTFA reporting entity (i.e., a person or entity referred to in s. 5 of the PCMLTFA) to collect personal information without the knowledge or consent of the individual concerned if, among other things, it is disclosed to the reporting entity by the RCMP or any other prescribed government department or law enforcement agency (s. 11.71).
- Reporting entities that collect personal information under s. 11.71 would be permitted to use it for the purposes for which it was disclosed to them or for the detection or deterrence of a contravention of federal or provincial laws relating to money laundering, terrorist-activity financing, or sanctions evasion (s. 11.72).
- The private-to-private regime under PCMLTFA s. 11.01 requires that information-sharing be “reasonable for the purpose” of detecting or deterring money laundering, terrorist-activity financing or sanctions evasion. In contrast, the proposed authorities in Part 16 do not explicitly require reasonableness but only a written affirmation from the disclosing entity that the disclosure is for such purposes.
- A similar safeguard could be incorporated in Part 16 so as to permit public-sector actors to disclose information to the private sector only if the disclosure is reasonable for the purpose of detecting or deterring money laundering, terrorist-activity financing, or sanctions evasion.
- Additional safeguards could include requiring disclosing entities to report on their disclosures and to correct any inaccuracies in disclosed information, as well as the inclusion of an access regime akin to PIPEDA ss. 9(2.1) to (2.4), which requires prior notification to government institutions and allows them to object to disclosures before they are made.
Lead: Legal
Bill C-2: Charter Compliance
Speaking points
- Certain powers and authorities in Bill C-2 would allow law enforcement and other state actors to gain access to Canadians’ private information, including potentially sensitive personal information.
- Laws empowering the government to collect Canadians’ personal information can implicate the constitutionally protected right to privacy under s. 8 of the Charter.
- In such cases, it is important to ensure that the government’s powers are narrowly tailored and subject to rigorous thresholds in order to ensure that the powers withstand constitutional scrutiny.
- In my view, certain powers and authorities in the Bill are subject to thresholds that are too low and include concepts that are too broad, such that those provisions are constitutionally vulnerable.
Background
- Section 8 of the Charter provides that “[e]veryone has the right to be secure against unreasonable search or seizure.” The decision in Hunter v. Southam Inc., [1984] 2 S.C.R. 145, at p. 159, established that s. 8 of the Charter protects the right to privacy.
- Part 4 (cl. 27) would empower Canada Post to open letters based on reasonable suspicion (Canada Post Corporation Act, s. 41(1)).
- Part 14 (cl. 159) would empower peace and public officers to obtain a court order compelling “a[ny] person who provides services to the public” to produce “subscriber information” based on reasonable suspicion (Criminal Code, s. 487.0142).
- Part 14 (cl. 157(2)) would define “subscriber information” to include “information that the subscriber or client provided to the [service provider] in order to receive services” and “information relating to the services provided” (Criminal Code, s. 487.011).
- Part 14 (cl. 164) would declare, “[f]or greater certainty,” that no production order, warrant, or information demand is necessary for a peace or public officer to collect or act on “any information that is available to the public” (Criminal Code, s. 487.0195(4)).
Lead: Legal
Bill C-2: Legal thresholds
Speaking points
- Certain powers and authorities in Bill C-2 would allow law enforcement and other state actors to gain access to Canadians’ private information, including potentially sensitive personal information.
- Government powers to collect information on Canadians must incorporate thresholds appropriate relative to its potential sensitivity.
- In my view, this is not always the case in Bill C-2: some provisions would require reasonable suspicion when they should require reasonable belief; others would not require judicial authorization when they should.
- Raising thresholds would be an effective way to ensure an appropriate balance between Canadians’ interests in public safety and national security and their right to privacy.
Background
- Part 4 (cl. 27) would empower Canada Post to open letters based on reasonable suspicion (Canada Post Corporation Act, s. 41(1)).
- Part 14 (cl. 158) would empower peace and public officers to compel potentially sensitive information from any person who provides services to the public, without judicial authorization (Criminal Code, s. 487.0121).
- Part 14 (cl. 159) would empower peace and public officers to obtain a court order compelling any person who provides services to the public to produce “subscriber information” – which could include sensitive information – based on reasonable suspicion (Criminal Code, s. 487.0142).
- Part 14 (cl. 160) would empower peace and public officers to obtain judicial authorization to request that a foreign telecommunications service provider produce transmission data or subscriber information – which could include sensitive information – based on reasonable suspicion (Criminal Code, s. 487.0181).
- Part 14 (cl. 174(2)) would empower a justice or judge to, when issuing a warrant authorizing a peace or public officer to obtain transmission data by means of a transmission data recorder (based on reasonable suspicion), also authorize the officer to obtain certain types of subscriber information from any person who provides services to the public (Criminal Code, s. 492.2(5.2)).
Lead: Legal
Civil society response to Bill C-2
Speaking points
- Many critics and commentators from civil society have expressed serious concerns about Bill C-2’s implications for privacy.
- In my view, such concerns are an important part of a broader conversation about how to balance the needs of the state to access private information for law-enforcement and national-security purposes and the right to privacy, which protects our individual and political autonomy and enables us to exercise it in the enjoyment of other fundamental rights.
- Parliamentary review of legislative proposals like Bill C-2 is an essential part of this conversation, and I look forward to the opportunity to contribute my views on Bill C-2 if or when I am invited to do so.
Background
- Multiple coalitions of civil society groups representing civil liberties and refugee rights have denounced Bill C-2 and called on the Government to withdraw it.
- Privacy-focused concerns raised by these and likeminded stakeholders include:
- the new demand power that would enable police and CSIS to confidentially compel a range of information from service providers without a warrant, based on the threshold of reasonable suspicion;
- the short (five-day) window for recipients to challenge these and other production orders issued under the Criminal Code;
- the safe-harbour protections for service providers who voluntarily comply with requests to disclose information;
- the new production order that would enable police to obtain “all subscriber information” – including the types of services provided, the devices used, and other billing information – based only on reasonable suspicion;
- the new order-making power whereby the government may confidentially direct electronic service providers to make technical modifications that could provide police and CSIS with real-time access to sensitive data; and,
- the possibility that amendments to facilitate cross-border data-sharing could pave the way for expanded data-sharing treaties and agreements with foreign national-security and law-enforcement authorities.
Lead: PRPA