Introduction
On January 6, 2025, Prime Minister Justin Trudeau announced that he will resign, and that Governor General Mary Simon agreed to prorogue Parliament until March 24, 2025. Prorogation in this context means that the bills that were being considered by Parliament that had not received Royal Assent were “entirely terminated.”
On digital policy, there were three bills on the Order Paper that were expected to significantly transform the digital regulatory environment in Canada upon their passage, but were instead terminated with the announcement of prorogation:
- Bill C-26 would have amended the Telecommunications Act to establish special rules for securing the telecommunications sector and would have introduced the Critical Cyber Systems Protection Act ("CCSPA"), which would have provided a framework for protection of the “critical cyber systems”[1] in the telecommunications, energy, finance, and transport sectors that are vital to national security or public safety, including mandatory cybersecurity measures. (See Fasken’s analysis of Bill C-26 here).
- Bill C-27 would have reformed Canada’s federal private sector privacy law by replacing the nearly 25-year old Personal Information Protection and Electronic Documents Act (“PIPEDA”) with the Consumer Privacy Protection Act (“CPPA”), as well as enacting the Artificial Intelligence and Data Act (“AIDA”), which would have introduced a framework for regulating AI systems used in the course of commercial activities in Canada. (See Fasken’s analysis of Bill C-27 here).
- Bill C-63 would have enacted the Online Harms Act[2], which would have created a regulatory framework for online platforms with respect to the content they host with a view of promoting online safety and reducing harms. This was the federal government’s second attempt at passing the Online Harms Act after Bill C-36 in the previous parliamentary session died on the Order Paper in 2021. (See Fasken’s analysis of Bill C-63 here).
Effects of Prorogation
Prorogation ends the current parliamentary session. All proceedings before Parliament end, and bills that have not received Royal Assent are “entirely terminated.” When the new parliamentary session begins, these bills would have to be re-introduced, thus restarting Parliament’s consideration of the bills, unless there is the unanimous consent of the House of Commons or adoption of a motion to reinstate at the same stage they had reached prior to prorogation. However, considering the current political climate, the likelihood of the bills being reinstated appears remote.
Setbacks and Opportunities for Digital Regulation
Following prorogation, it is likely that the three initiatives will need to be restarted from scratch, though Bill C-26 has greatest chance of being resurrected as-is since Parliament’s consideration was further along than the others, and the need to harden critical infrastructure for national security purposes is acknowledged across party lines.
In contrast, it is unlikely that the Bill C-27 would be resurrected as-is given the controversy surrounding AIDA, even though there is a broad consensus that federal private-sector privacy reform is needed. Indeed, the CPPA would have rationalized the structure of federal privacy law by moving the requirements from the schedule of PIPEDA to the body of the law, clarified and codified important privacy commissioner guidance, added useful exceptions to consent for certain business activities and for legitimate interests, and addressed developments in technology over the past 25 years, like automated decision-making and the use of third-party cloud services. The CPPA may also have served to safeguard Canada’s recently renewed adequacy decision from the European Commission.
There is nonetheless opportunity in the demise of Bill C-27 and Bill C-63, as prorogation may allow a reassessment of legislative and regulatory approaches to online harms and AI. Bill C-27’s AIDA suffered from a lack of prior consultation and initially left much of its substance to regulations, prompting the government to attempt to re-architect the law while Parliament was still considering it. The next attempt at federal AI legislation could avoid these criticisms and benefit from an AI revolution that is further along than when AIDA was introduced in 2022. The treatment of AI under a revised federal privacy regime may similarly benefit from additional time and consideration to ensure that AI can continue to be developed in Canada and that AI innovations remain available to organizations and individuals. This is particularly important in light of the European Data Protection Board’s recent decision that held that AI training may implicate processing of personal data, and the AI models themselves can embody personal data when trained on such data.
