When Privacy Becomes Optional
Revisiting Canada's COVID Surveillance. Surveillance that is here to stay.
I came across an article about government surveillance yesterday, and it sent me spiraling back to the COVID era. Three years later, and I still can't believe what happened in Canada during those lockdowns.
It hit me all over again: In a democracy, rules are supposed to apply to everyone, right? The government included. But what we saw in Canada during the pandemic was this frustrating double standard where government agencies enforced strict rules on us regular folks while completely ignoring those same principles when it suited them.
Remember that bombshell revelation? The Public Health Agency of Canada (PHAC) admitted to tracking the location data of over 33 million mobile devices during COVID lockdowns. Three years later, and I'm still stunned they never bothered asking for permission.
Look, I get that the pandemic required some extraordinary measures. But there's a line, and secretly tracking the movements of millions of Canadians definitely crosses it.
What Actually Happened
Looking back, PHAC claimed the data was "de-identified" and "aggregated" to analyze lockdown compliance. But what still bothers me to this day: Canadians were never told this was happening. No consent. No public debate. No clear legal basis for this kind of mass surveillance.
I remember thinking at the time: If a private company had pulled this stunt, we'd have been looking at a massive privacy scandal. If local police had tried it without warrants, they'd have been breaking the law. But when a federal health agency did it? It was just brushed off as "necessary for public health." Three years later, and the double standard still makes my blood boil.
The Warning Signs Were There
I still remember when the Citizen Lab at the University of Toronto was raising alarms. Their senior researcher Christopher Parsons submitted that brief to Parliament making it crystal clear: Canada's privacy laws weren't equipped to handle this kind of mass surveillance. The collection of all this location data lacked transparency, oversight, and any real legal safeguards.
In their report "Pandemic Privacy," they warned that these "emergency" surveillance measures would become normalized with no sunset clauses or accountability. Reading it again now, three years later, feels eerie – they were right about the slippery slope. What started with good intentions during the crisis has led to a new normal of government overreach that we're still dealing with.
Where Was the Privacy Commissioner?
I was scrolling through social media yesterday and saw something about Privacy Awareness Week in Canada - you know, that time when the Office of the Privacy Commissioner floods Twitter with tips about how YOU should protect YOUR personal information.
It took me right back to the pandemic. The irony was unbearable then and it's unbearable now. While they were busy telling us to use better passwords, enable two-factor authentication, and shred our mail, they were completely silent when government agencies violated those same rights on a massive scale.
While PHAC was tracking 33 million phones without consent, where was the enforcement? While telecom companies were handing over movement data, who faced consequences? Three years later, and I'm still waiting for the Commissioner's office to show up.
It reminds me of other situations that were happening during COVID:
We were told to stay home for the greater good, while politicians were caught breaking their own lockdown rules.
With recycling, we were made to feel guilty if we put plastic in the wrong bin, while corporations pumped out billions of tons of single-use PPE with zero penalty.
We were told to guard our phones and be careful online, while governments and tech giants mined and traded our data like it was nothing.
Outdated Laws, Convenient Enforcement
Canada's main data privacy law, PIPEDA, was seriously outdated even three years ago. It was written for the early 2000s internet, not the world of mass surveillance we lived in during COVID. It provided almost no real recourse for individuals, no serious financial penalties for government agencies, and relied on "voluntary compliance" that rarely led to any action.
While Europe had GDPR and California had CCPA with actual teeth, Canada was stuck in limbo. Surveillance became normalized during COVID, and our privacy rights depended entirely on whether the government felt like respecting them on any given day.
Looking back now, three years removed from the height of the pandemic, I'm shocked how little has changed.
The Precedent Is What Still Scares Me
This isn't just about COVID anymore. It's about the precedent that was set. When governments collected and used our data without consent, then deflected responsibility with buzzwords about safety and security, they weren't protecting us—they were managing us.
When the people in power rewrote the rules during COVID, and when watchdogs issued warnings without any enforcement, we weren't living under equal accountability. We were living in a system where responsibility only flowed downward.
What's worse? This article I read yesterday makes me think not much has changed since then.
One Big Question Still Remains
Canada is supposed to be a free society. But during COVID, when freedom came with asterisks, and privacy was treated as optional, we weren't talking about governance anymore—we were talking about control.
And here's the question that kept me up at night during the pandemic and still bothers me three years later, the one that PHAC, the Privacy Commissioner, and every government official involved has refused to answer clearly:
Where is all that data now?
PHAC said they used anonymized mobility data for lockdown analysis during the pandemic. But that was only half the story. What happened to it after?
Who has access to it today, three years later?
How is it being stored?
When will it be permanently deleted?
What guarantees do we have that it hasn't been sold, repurposed, or quietly passed to other agencies?
How do we know it hasn't been stolen or leaked to who-knows-where?
We simply don't know—because nobody's telling us, even now.
This is the real problem that seeing this surveillance article yesterday brought back for me: mass data collection without full transparency isn't just a privacy issue—it's a national security threat. During COVID, average Canadians were expected to trust the system, follow all the rules, and protect our own data, while powerful institutions faced zero consequences for collecting it on an industrial scale.
"Trust us," they said during the height of COVID—while refusing to answer the most basic question: What are you doing with our data?
Reading about surveillance yesterday made all these feelings come flooding back. Three years after the pandemic's darkest days, and Canadians still deserve real answers, not just admissions after we've been tracked for months. We need enforceable limits, independent oversight with actual power, and guaranteed deletion policies. Until then, digital privacy in Canada remains what it was during COVID - just another empty promise.
Sources:
National Post article on PHAC's tracking
Citizen Lab Brief (Christopher Parsons)
Citizen Lab Report: "Pandemic Privacy"