Anandasangaree rejects shortening metadata retention period in lawful access bill

OTTAWA — Public Safety Minister Gary Anandasangaree has rejected a call to shorten the time electronic service providers would be required to keep digital metadata under a bill intended to help police and spies.

The proposed legislation would allow for regulations requiring service providers to retain metadata — digital traces of a communication, but not the email or text itself — for up to one year.

Critics of the provision say the measure would allow for the capture of private information about ordinary Canadians who have no connection to any crime.

University of Ottawa law professor Michael Geist recently told the House of Commons public safety committee the stored metadata, including location information, would amount to “a comprehensive surveillance map of virtually every Canadian — where and when they go, and who they interact with.”

He suggested scrapping the provision, or at least limiting the metadata retention period to a maximum of 30 days to meet the investigative needs of authorities.

Anandasangaree said Thursday after appearing before the committee to discuss federal spending plans that a shorter retention period will not be among forthcoming changes to the legislation.

“We talked to law enforcement, we talked about the practicalities of shortening it — it does impede their ability to do an effective investigation, so one year is something that I believe we will hold steady on,” he said.

“Having said that, I think there’s other areas where we would be willing to either clarify or strengthen (the bill).”

The government is expected to introduce targeted changes to the proposed legislation when MPs begin going through it clause-by-clause in the coming days.

Overall, the government has maintained the bill will ensure law enforcement agencies have the legal tools to prevent, investigate and respond to modern crime and protect Canadians in a Charter-compliant manner.

Opponents argue the legislation would unnecessarily expand the powers of police and intelligence agencies. The bill has run into fierce opposition from civil liberties groups and law professors who say it would open the door to serious privacy infringements. It also has drawn criticism from members of the U.S. Congress.

Big tech companies Apple and Meta have said the legislation threatens to compromise their encryption services, while encrypted messaging service Signal and virtual private network service NordVPN have warned they could pull out of Canada if the bill requires them to compromise privacy.

Under the bill, authorities could demand that a telecommunications provider like Bell or Rogers reveal whether it provides service to an individual or a number of interest — a measure intended to speed up investigations.

The bill would also require electronic service providers to develop and maintain the technical capabilities necessary to enable police and the Canadian Security Intelligence Service to effectively obtain communications and information for investigations.

The bill would introduce mandatory requirements for certain core providers — likely large telecommunications companies and satellite providers — to have specific capabilities. In addition, the public safety minister could issue a ministerial order to require a provider to develop a particular capability, even if they are not a core provider. The bill would prohibit a provider from disclosing the existence or content of a ministerial order.

Meta said this could require companies to build or maintain capabilities that break or weaken encryption, or force providers to install government spyware directly on their systems.

The company said while the bill purports to protect against risks to encryption by allowing providers to challenge demands that would introduce a “systemic vulnerability,” the definition of such a vulnerability is unclear.

“Essential terms like ‘encryption’ are left to be defined in regulation, while ministerial orders can override those same regulations,” the company said.

Apple said the legislation could allow the government to force companies to break encryption by inserting backdoors into their products.

Anandasangaree said earlier this week the bill was never meant to allow for the breach of encryption.

He said the government’s understanding of the language in the bill on systemic vulnerabilities is that breaching encryption would not be allowed.

“So we will clarify it in the bill and we look forward to working with the opposition on appropriate language that we can live with.”

This report by The Canadian Press was first published May 28, 2026.

— With files from Anja Karadeglija