Several privacy-focused technology companies are warning they may stop offering services in Canada if the country’s proposed Bill C-22 becomes law, arguing that the legislation would conflict with the privacy commitments they make to users.
Among the companies raising concerns are Signal, DuckDuckGo, NordVPN, ExpressVPN, Proton VPN, Windscribe, Apple, Google, and Meta. Critics of the bill say it could force service providers to retain user metadata and create capabilities that could undermine privacy protections. Supporters of the legislation argue it would help law enforcement access information needed for investigations.
Signal has emerged as one of the strongest opponents of the proposal. During testimony to Canadian lawmakers, Signal Vice President of Strategy Udbhav Tiwari said the bill would require the company to redesign parts of its service in ways that conflict with its privacy model. He said Signal would rather stop operating in Canada than weaken the protections it offers users.
DuckDuckGo has also warned that it could withdraw its VPN service from Canada if the legislation passes in its current form. Company founder Gabriel Weinberg said the bill’s requirements would conflict with the company’s privacy commitments. According to DuckDuckGo, its search engine would remain available, but its VPN service could be removed from the Canadian market.
NordVPN said it would not compromise its no-logs architecture or encryption protections if mandatory requirements were imposed under the bill. Other VPN providers, including Proton VPN, ExpressVPN, and Windscribe, have voiced similar concerns. Some companies have indicated they would consider leaving the country rather than altering core privacy features.
A major point of contention is a provision that would require certain user metadata to be retained for up to one year. Opponents argue that creating large stores of user information increases security and privacy risks because the data could become a target for misuse or unauthorized access. They also contend that any system requiring special access mechanisms could weaken trust in encrypted services.
The Canadian government has rejected claims that the bill would create a surveillance system or force companies to break encryption. Public Safety Minister Gary Anandasangaree has said amendments are being prepared to clarify how the legislation applies to encryption and metadata, while maintaining the government’s broader lawful-access objectives.
Despite those planned changes, opposition from technology companies continues to grow. Several firms have warned lawmakers that if the legislation is enacted without substantial revisions, Canadians could lose access to some privacy-focused services currently available in the country.