Open version of my Globe column on why AI privacy risk Isn’t what It learns, but what It figures out. Question at its centre: Is data de-identification dead? AI re-identifies people from non-personal data as a structural byproduct, not a deliberate act.
The AI privacy debate typically focuses on what data goes in. My Globe op-ed discusses the flip side: what AI figures out by reconstructing identities from fragments never meant to be personal data. De-identification, a core part of privacy law, is broken.
My weekend post on the government citing a standard above “mere suspicion” to justify weakened standards in Bill C-22. Mere suspicion isn’t a threshold for search at all, but rather the standard the courts point to when a search is unconstitutional.
Lawful access is back on the House agenda today for a fourth day of debate. My summary of the first three days and the many concerns that remain unanswered.
In a year in which AI has dominated much of the news cycle, the story of Anthropic’s Mythos and the cybersecurity concerns may be the biggest story of them all. Jason Miller joins the Law Bytes podcast to talk about Mythos and the AI governance challenges.
Day 3 (Apr 17) — Asked why Bill C-22 lowers the subscriber info threshold, Parl. Sec. Lattanzio defended it as "higher than mere suspicion."
But mere suspicion is the standard the SCC uses to mark a search unconstitutional.
www.michaelgeist.ca/2026/04/a-st...
Day 2 (Apr 16) — Asked by Cons. MP Glen Motz, a former police officer, whether law enforcement wants more than what's in Bill C-22, Sec. of State Sahota said yes, called C-22 "a first step," and said she'd be open to going further.
www.michaelgeist.ca/2026/04/more...
Day 1 (Apr 14) — Justice Minister Sean Fraser devoted ONE paragraph to Bill C-22's mandatory metadata retention and gave a process answer, not a technical one, on encryption back doors.
The EU struck down blanket metadata retention in 2014.
www.michaelgeist.ca/2026/04/the-...
Bill C-22, three days of House debate:
- One paragraph on mandatory metadata retention
- A process answer on encryption back doors
- An admission this is only "a first step"
- A defence of the lower threshold as "higher than mere suspicion"
Full analysis below.
I don’t typically add new posts on the weekend. But when the government offers misleading defences of lawful access by citing a non-existent “mere suspicion” standard to justify weakening the protection for access to subscriber information in Bill C-22…
www.michaelgeist.ca/2026/04/a-st...
Michael Geist Weekly Digest, Issue 4: Lawful access in the House, U.S. trade pressure on data sovereignty, copyright, chilling effects and more
www.linkedin.com/pulse/michae...
Algorithmic variable pricing in action...
The government's case for lawful access just got more alarming: it now admits Bill C-22 is a first step and it is open to going further. Metadata retention and embedded intercept infrastructure aren't the ceiling. They're the surveillance starting point.
Sovereignty preferred, but not mandated: Canadian AI Sovereign Compute program prioritizes but doesn’t mandate data residency, is ok with companies contractually controlled but not owned by Canadians, and must only limit instances of foreign access to data.
ised-isde.canada.ca/site/ised/en...
My post on the Blacklock's copyright case. The FCA decision comes with a catch: Federal Court's fair dealing and TPM analysis stands as the most thorough treatment of these questions in Canadian copyright law, serving as a roadmap for future cases.
www.michaelgeist.ca/2026/04/win-...
The Bill C-22 lawful access debate continued yesterday. Government now says it’s only the beginning. Once the bill passes, it can consider an even broader scope. Mandatory metadata retention and security backdoors are apparently just a “first step”.
bsky.app/profile/mgei...
The lawful access debate started in the House this week. The government's strategy: say as little as possible about the metadata surveillance database and the risks of systemic vulnerabilities in Canadian networks. We need to start paying attention.
Data sovereignty is a global structural trend. The US is fighting it by asserting legal access wherever data sits and pressuring countries that try to move their data beyond that reach. Follow-up to my Globe op-ed on “trade barriers” and data sovereignty.
Most chilling effects scholarship focuses on law's direct inhibition of speech. @penney.bsky.social new book asks a harder question: what about the indirect effects on conformity and power? We discuss on this week's Law Bytes podcast.
The 2026 US trade barriers report flags 30+ countries for data sovereignty measures, up 50% from last year. Canada named for the first time. The US draws no line between legitimate security and protectionism: anything limiting US cloud access is a trade barrier.
Jon Penney's argument isn't just about rules that inhibit speech. Chilling effects operate as a mechanism for conformity and power with direct implications for how Canada designs its surveillance and platform laws. Our discussion of his new book on my Law Bytes podcast.
"Chilling effects" is a term everyone uses and few people interrogate. @penney.bsky.social joins the Law Bytes podcast to discuss his new book and why we may be understating the issue, with implications for surveillance, content moderation, and AI regulation.
Michael Geist Weekly Digest, Issue 3: US trade pressure on Canadian data sovereignty, Bill C-22's systemic vulnerability gap, political party privacy
www.linkedin.com/pulse/michae...
Open version of my Globe op-ed on the US strategy to counter data sovereignty efforts worldwide, including in Canada. The U.S. CLOUD Act asserts jurisdiction over data wherever stored. Responses based on sovereign AI initiatives are labelled as a trade barrier.
My Globe op-ed on the U.S.’s two-pronged strategy over data. First, leverage the CLOUD Act to assert jurisdiction over data wherever it is stored. Second, treat responses that involve data localization rules or sovereign AI initiatives as a trade barrier.
The government is back with another political party privacy law. After the Bill C-4 debacle, Bill C-25 is supposed to provide real protection. But reality is that with major omissions and weak enforcement, parties will still not be subject to a serious privacy law
www.michaelgeist.ca/2026/04/stil...
My post on the biggest privacy/security risk in Bill C-22: lawful access rules mandating expansive surveillance-capability requirements for digital providers. Orders must be kept secret with little clarity on safeguards against systemic vulnerabilities.
bsky.app/profile/mgei...
Could Bill C-22 Make Canadians Less Safe? The Systemic Vulnerability Gap in Canada’s New Surveillance Law
www.michaelgeist.ca/2026/04/coul...
For some areas of practice AI’s role will be more limited and peripheral.
I wrote a short post on what Shapiro gets right, and why the AI future of law will be much more uneven than some of the current enthusiasm suggests:
www.slaw.ca/2026/04/06/t...
@mgeist.bsky.social's recent Law Bytes episode with Zack Shapiro is one of the best discussions I’ve heard on how to use AI effectively in practice. Many of Shapiro’s insights are fascinating and empowering.
But he also paints a picture that leaves a lot out.