Minister of Public Safety Gary Anandasangaree waits to appear before the Standing Committee on Public Safety and National Security (SECU) on Parliament Hill in Ottawa on Oct. 23, 2025. The Canadian Press/Spencer Colby
Digital service providers, including mobile carriers and internet companies, may have to retain some user metadata for up to one year under the government’s proposed Bill C-22, Public Safety Canada says.
The one-year period proposed under Bill C-22, also known as the Lawful Access Act, would serve as a maximum for certain types of data, while other types could be kept for shorter periods, Shannon Hiegel, director general of national security policy at Public Safety Canada, told a parliamentary committee on May 5.
“We have done a lot of country comparisons within our analysis. And so one year actually was quite common in being the average, like I said, Australia is on the higher end with the two-year,” Hiegel told the Standing Committee on Public Safety and National Security.
She said Ottawa has not yet decided what types of metadata would have to be kept on record, adding that the government will discuss the types of data and retention periods with industry leaders and law enforcement. Metadata typically includes information about a communication or digital activity, such as phone numbers, IP addresses, timestamps, locations, and device identifiers, rather than the actual content of the message or conversation itself.
“We will develop analysis with the agencies as to what is the most valuable when it comes to investigative processes, as well as companies,“ she said. ”We need to take the time to be able to do that analysis and come back with a thoughtful scheme.”
Opposition MPs repeatedly asked why Parliament is being asked to pass a legal framework around metadata and storage timelines when the specific details of the proposed requirements have not yet been determined.
