Media Den logo

Media Den

← Blog

Government Threats to Privacy: The Past Year in the US and Canada

June 2026 · Privacy & Policy

Most of the privacy advice we write about deals with companies: advertisers, data brokers, and the trackers built into the apps you use every day. Over the past year, though, some of the more significant pressure on privacy has come from governments. Lawmakers in both the United States and Canada have introduced bills that would either require services to collect more personal data or expand the government's ability to reach data that already exists.

None of these proposals is presented as surveillance. Most are framed as child safety, and the Canadian package began as border and national security. The effect on privacy is the same regardless of the framing. Here is a summary of the notable proposals from the past year and where each one stands as of June 2026.

United States

The App Store Accountability Act (H.R. 3149 in the House, S. 1586 in the Senate) was introduced in May 2025.[1] It would require large app stores to verify the age of every user and, for anyone determined to be a minor, obtain verifiable parental consent before an app can be downloaded or a purchase made.

The privacy problem is age verification itself. To prove an age, everyone, not only minors, generally has to hand over a government ID, a credit card, or a face scan, and some service then has to store that data. Two breaches in 2025 showed the risk: the Tea dating-safety app exposed roughly 13,000 photo IDs and selfies, and Discord reported that about 70,000 users may have had government-ID images, submitted for age checks, exposed in a breach of a third-party support vendor.[2]

Status: introduced in both chambers and not enacted as of June 2026. Several states moved first. Utah and Louisiana passed their own versions, and a federal court in Texas blocked that state's law in December 2025, finding it likely violates the First Amendment.[3]

The Kids Online Safety Act (KOSA, S. 1748) creates a "duty of care" that requires platforms to reduce a list of harms to minors.[4] The privacy concern is indirect but real: to apply different rules to minors, a platform first has to know which users are minors, which again pushes the industry toward broad age verification.

Status: the Senate passed an earlier version 91 to 3 in 2024, but it stalled in the House. It was reintroduced in the current Congress, and in March 2026 a House panel advanced a narrower version. As of late June 2026 the two chambers have not agreed on common text, so it is not law.[5]

The STOP CSAM Act (S. 1829 and H.R. 3921) was reintroduced in 2025, with a Senate Judiciary subcommittee hearing in March. It would remove some Section 230 liability protections and let victims sue platforms over child sexual abuse material.[6] Civil-liberties groups warn that the resulting liability could discourage end-to-end encryption, because a provider cannot easily answer for content it has deliberately built itself unable to see.

Status: advanced through committee in a previous Congress and reintroduced in 2025, but it has not passed the full Senate.

Canada

The Strong Borders Act (Bill C-2) was tabled in June 2025. Most of it dealt with the border, customs, and immigration, but two parts introduced a new "lawful access" regime: expanded data-production orders, a lower threshold for police to obtain basic subscriber information, and a new requirement that electronic service providers help authorities access data.[7] After opposition from privacy advocates and legal experts, the government split the bill. The border measures continued separately as Bill C-12, and the lawful-access provisions were removed and reintroduced on their own.

The Lawful Access Act (Bill C-22) is the reintroduced version of those provisions, and it is the most consequential privacy item of the year in Canada. It was tabled in March 2026, passed second reading in April, and passed third reading in the House of Commons on June 18, 2026 after the government limited debate.[8] [9]

The concerns raised at committee, including by the federal Privacy Commissioner and outside experts, center on three points: mandatory retention of metadata, a lower threshold for accessing subscriber information, and a provision the government could use to compel companies to build capabilities that weaken or break encryption.[10] Apple, Meta, Google, and Signal have all objected. Apple stated plainly that the bill would let the government force companies to insert backdoors into their products.[11] Signal said it would leave the Canadian market rather than comply, the VPN provider Windscribe said it would move its headquarters out of Canada, and the RCMP confirmed that it wants the law to provide access to encrypted communications.

Status: passed by the House of Commons and sent to the Senate, which is not expected to take it up until the fall, so it is not yet law.

Canada also revived its online-harms effort in June 2026 as the Safe Social Media Act (Bill C-34), which would create a Digital Safety Commission and impose duties on social media and AI chatbot services.[12] As with the US child-safety bills, an open question is how far it will lean on age verification to do its job.

The common thread

Each of these proposals would put more of your data within reach of someone else. The child-safety bills do it by mandating collection: to check an age, a service first has to gather identity documents. The lawful-access bills do it by mandating access: requiring providers to retain data, lowering the bar to obtain it, or building a path around their own encryption. In every case, a breach or a misuse later exposes whatever was collected or unlocked.

This is the reason we build Media Den around encryption that happens on your device. When data is encrypted before it leaves your phone, there is far less for any party, a company or a government, to collect, demand, or lose.

Media Den

Media Den encrypts your photos and videos on your device before they are ever uploaded. The keys stay with you, so there is no plaintext for a provider to hand over and no central store to compel.

Learn more about Media Den →

Download on the App Store Download on the App Store

References

  1. App Store Accountability Act, H.R. 3149, 119th Congress. congress.gov
  2. New America, "The App Store Accountability Act Poses Serious Concerns for Privacy, Security, and Free Expression." newamerica.org
  3. Pillsbury, "The App Store Accountability Act: Overview and Initial Considerations." pillsburylaw.com
  4. Kids Online Safety Act, S. 1748, 119th Congress. congress.gov
  5. Roll Call, "Kids online safety bills move forward from Senate, House panel," March 6, 2026. rollcall.com
  6. STOP CSAM Act of 2025, S. 1829, 119th Congress. congress.gov
  7. Government of Canada, "Understanding the Strong Borders Act (Bill C-2)." canada.ca
  8. Lawful Access Act (Bill C-22), LEGISinfo, Parliament of Canada. parl.ca
  9. BetaKit, "Bill C-22 passes third reading after Liberals adopt measures to limit debate," June 2026. betakit.com
  10. Electronic Frontier Foundation, "Canada Is Forging Ahead with Its Dangerous Surveillance Bill," June 2026. eff.org
  11. Michael Geist, "Apple on Bill C-22: This Bill Allows the Government of Canada to Force Companies to Break Encryption by Inserting Backdoors into their Products," May 2026. michaelgeist.ca
  12. Government of Canada, "Government of Canada introduces legislation to combat online harms, particularly those impacting children," June 2026. canada.ca