New breaches of personal data seem to occur daily. Still, many Canadians aren’t yet ready to accept a world where others control all our secrets
Article content
By the time the Class of 2026 convenes this spring, the world will already know all sorts of personal details about these mostly 25-and-under university and college grads, things no one would have even thought to ask about the generations that preceded them.
Parents began trumpeting their arrivals on social media beginning in 2004, with baby steps and kindergarten performances chronicled on Facebook and, later, Instagram. Security cameras captured their first toddle into a grocery store. Today, they, and the rest of us, can be photographed and videoed without consent or even knowledge, from any one of the more than 12 million CCTV cameras or 30 million smartphones in use in Canada.
Article content
Article content
Advertisement 2
Article content
Some were introduced to computers and cellphones even before grade school, and it didn’t take long before they strapped on smart watches and logged on to social media. Even then, those convenient devices were collecting not just data but creating the start of full profiles — sometimes “anonymized,” sometimes not — for marketing and other purposes.
NP Posted
Article content
Even in the privacy of home, smart fridges were collecting data about the entire family’s eating routines, while smart TVs in living rooms “watched” them, tracking and cataloguing viewing habits. Today, Alexa listens in.
When those fresh-faced graduates apply for that first big job out of school, the odds are their prospective employers will have sifted through everything from social posts to search engines and even online gaming sites. And if you somehow stayed off-line and have no digital footprint at all? That could raise suspicion that you have something to hide.
In short, forget about personal privacy, everyone; it ain’t what it used to be. But do we still care? Should we?
Vaughn Kelly does. The 25-year-old is on social media a lot — everything from Instagram, Substack and Pinterest for personal use, to TikTok, Instagram, Facebook, and Threads regularly for her clients. “I love that social media lets people tell their own stories, in their own voices,” says the employee at Calgary firm Shareworthy PR. But “personally and professionally, I’m thoughtful of what I share and why.
Article content
“You don’t need to be visible everywhere or share everything to build community or do effective work.”
It turns out lots of other people care, too. Even as they embrace social media platforms and sharing apps, they want to keep their personal affairs private, thank you.
For example, a November 2025 Angus Reid Institute survey found that, among Canadians, even most tech optimists worry about the “serious risk” AI poses to their privacy. A 2024-25 survey for the Privacy Commissioner of Canada found “nine in 10 Canadians (89 per cent) are at least somewhat concerned about the protection of their privacy, including 36 per cent who are extremely concerned.”
Leger polling in August 2025 on the use of AI found 83 per cent have privacy worries.
Multiple studies by Pew Research Center in the U.S. found that more than 50 per cent of teen app users are not downloading some apps due to privacy concerns, while 59 per cent of teenage girls say they have turned off location-tracking, with those 18 to 29 being more concerned about their online profiles than older people as they learn more about the dangers of oversharing. Many young people feel they have no control over how their data is collected. Meanwhile, a University of California, Berkeley study found more than 88 per cent of people between 18 and 22 saying there should be laws requiring websites to delete all stored information about them.
Article content
Clearly, the issue is fraught. We’re happy to share photos of last night’s special dinner or a TikTok from the dance floor, but we worry someone might use that information in ways we didn’t plan for. We’re torn between public us and private us.
So are those who govern. In Canada, federal politicians are struggling with the tension between the demands of public safety, and the desire to safeguard citizens’ private information. Even now, they are wrestling over border control and policing powers that some say would reach too far into our personal lives.
The dark side of sharing
Governments are just a small part of the equation. We all know by now that once seemingly innocuous platforms have a dark side. Facebook, with more than three billion users, is the largest social media platform on the planet. It has been repeatedly busted for surreptitiously collecting data through apparently benign quiz apps, allowing third-party apps to access nearly all of its users’ personal data, and sharing user information with advertisers. Not to mention that, thanks to parents’ penchant for photographing kids on their first day of school in front of their homes (house numbers often clearly visible), and other identifying markers on family holidays, the site has been a goldmine for cyber criminals.
Article content
Article content
Even Snapchat, so popular with Gen Z (born 1997 to 2012) and Millennials (born 1981 to 1996), and once thought to offer a modicum of privacy in the form of “disappearing” messages and photos, has been vulnerable to wily hackers.
And then there’s TikTok, which has been collecting sensitive data about its nearly 200 million North American users (14 million in Canada) even when they don’t share or save content, leaving those users vulnerable to cyber attacks. Since it exploded in popularity in North America in 2020, TikTok has reportedly collected everything from keystrokes and browser history to your age and relationship status when using its sign-on technology.
Game apps (Candy Crush) and dating apps (Tinder) have also been fertile grounds for harvesting users’ location and other data.
And then there’s the cloud, that database in the sky that now holds everything from our grocery lists to our most sensitive health records, and is under constant threat of hacking.
More than a decade after American intelligence contractor Edward Snowden blew the whistle on secret information-gathering programs by the U.S. National Security Agency, we can’t even go through a 24-hour news cycle without being subjected to a new scandal about how our private lives are being infiltrated by technology.
Article content
Take, for example, the driver in Kingston, Ont., who spotted a drone hovering outside her vehicle while she was stopped at a red light in May 2025. Stunned by the unusual sight, she took out her phone and snapped a photo of the drone, only to receive a distracted driving ticket in the mail. While the charge was eventually dropped, it’s a telling example of what lengths both governments and corporations will go to in order to discover more about us.
With the daily transgressions into our online and data privacy coming at us like a blast from a fire hose, tech experts such as Tom Keenan, a professor in the School of Architecture, Planning and Landscape at the University of Calgary, readily acknowledge that, in 2026, society is in the midst of a full-blown privacy crisis.
Keenan has been watching these intrusive technologies for decades, having taught Canada’s first computer security course in 1976 and, in 2014, releasing Technocreep: The Surrender of Privacy and the Capitalization of Intimacy, which predicted much of what has unfolded.
The inspiration for the book came when he learned about a smartphone app in 2012 called “Girls Around Me,” that silently linked the users’ Foursquare location app back to the Facebook profiles of the subject. “Back then, few people had done much thinking about how different technology platforms could be melded together,” says Keenan. Someone using the GAM app could know if a nearby woman was single, that she liked the band The Barenaked Ladies, and what her favourite pasta dish was, for instance — personal details that people often put on their Facebook profiles. The GAM user could walk into a bar, find all the women who had checked in on Foursquare, and know just about everything he or she wanted to about them.
Article content
“That story,” says Keenan, “hit all dimensions of creepiness.”
Today, it’s almost like a game of Whack-a-Mole, even for him, trying to keep up with things such as health-tracking smart watches (“they know you had sex at 2:30 a.m.”) to Google’s new Gmail AI assistant, what Keenan calls a “very creepy” new offering in which a bot scans your inbox content to help organize and even compose e-mails. “I thought it would happen linearly but it’s happening exponentially,” says Keenan of technology’s incursions, noting that even developments such as a drop in the price of digital storage will make it easier for others to keep images for decades.
“Beware of time-travelling robots from the future,” says Keenan. “If you record something now, even if it’s not interesting now, it might be in the future.
“A lot of sites are recording everything they can now, waiting for quantum encryption to come along.”
We give away so much information, it shouldn’t be a surprise that people use it.
Tom Keenan, author, Technocreep
Keenan answers the “I have nothing to hide” dissenters with a disturbing anecdote he heard from a police officer, about a businessman who parked his car in the same office parkade each morning, not knowing a high-ranking criminal gang member parked in the stall next to his.
“He said hello to the man each morning and that was enough to get himself on a police watch list for associating with the Mafia,” says Keenan of the story, which is included in his book, Technocreep. “We give away so much information, it shouldn’t be a surprise that people use it.” It’s also a good example, he adds, of how “misinformation about you can actually be dangerous.”
Article content
Daily, we read about breaches of private information, from the hacker who allegedly accessed Mark Carney’s banking profile to an ex-Regina police sergeant who dug into the force’s database to find vulnerable women, disguised his own identity, then asked them out. Recently, he got a conditional sentence of two years less a day, to be served in the community. The women reportedly told the court their trust had been shattered.
Data mining, biometrics and deepfakes
While privacy may seem all but dead in this second quarter of the 21st century, the whole idea of it is a relatively new societal obsession, exploding into the public consciousness in the late 19th century, when massive changes in industry, technology and society challenged long-held beliefs about private versus public.
According to the Cambridge Dictionary, privacy refers to “the right to keep one’s personal matters and relationships secret.” A more nuanced understanding, the right to control what is known about you and by whom, makes more sense in the age of such modern-day Peeping Toms as data mining, video surveillance, recommended algorithms, biometrics tracking and, of course, those dreaded deepfakes.
Privacy is a concept we see as one of our more essential human rights, but there can be vast differences in how individuals view it. “Ask a naked person at a clothing-optional beach for their social security number,” says Halifax privacy lawyer David Fraser, by way of stark example. “They’re going to say you’re violating their privacy. Each one of us makes deliberate decisions about what we share with the world.”
Article content
For millennia, privacy was a luxury afforded to very few. Hunter-gatherer families lived in dwellings without internal walls, sharing one bed, with all domestic activities, from sex to bathing, undertaken in full view. And don’t think Roman baths were private, either. They “had libraries, shops, exercise rooms, barbers, beauticians, tennis courts, snack bars and brothels. People from all classes of society used them,” wrote Bill Bryson in his book At Home: A Short History of Private Life.
The introduction in the late 19th century of sensationalist “yellow” journalism and the Kodak camera, with its 100-exposure film roll and $25 price tag (about $900 in 2026 dollars), thrust the issue of privacy into the public sphere. In 1890, Samuel D. Warren and future U.S. Supreme Court justice Louis Brandeis wrote the seminal essay “The Right to Privacy” in the Harvard Law Review.
Their argument, which popularized the phrase “the right to be let alone,” was that the rapid pace of technological developments required the law to protect said right. Warren and Brandeis penned their treatise partly in response to the widespread use of new technologies like those film cameras, newspapers and telephones, says Sarah Igo, a law, political science and sociology professor at Vanderbilt University and the author of the award-winning book The Known Citizen: A History of Privacy in Modern America.
Article content
“Together they created an unsettling sense that the boundaries around the person, around the home, the domicile, were really changing,” says Igo, “that there was a whole new media technology world that was playing havoc with how people thought about what they shared, how they shared it and how they came to be known by others.”
It was all “a big leap that society was not prepared for,” says Igo, adding it led to a conversation we’re still having today “about the proper boundaries and protections around individual privacy.”
The Known Citizen chronicles that more innocent time and what happened over the century that followed. That included everything from opinion polling, market research and data collection from both the private and public sector, to lie detectors, wiretapping, electronic eavesdropping and the emergence of the field of psychology, with its myriad tests and questionnaires. In 1948, The United Nations included the right to privacy in the Universal Declaration of Human Rights.
In Canada, similar conversations and debates about privacy were taking place, one of the most notable in 1967 when then-justice minister Pierre Elliott Trudeau declared, “there’s no place for the state in the bedrooms of the nation,” arguing for the decriminalization of “homosexual acts” that took place in private. By 1973, Canada had the Protection of Privacy Act, banning all private use of electronic eavesdropping.
Article content
Our privacy concerns in 2026 differ markedly from those of earlier generations; today, the dominant issue is data and information. But our concern for boundaries is contradicted by another aspect of human nature: our desire to connect, the flip side of Warren and Brandeis’s “right to be let alone.”
We want to know others, and we want others to know us, sometimes in extreme and questionable ways. In the late 20th century, TV shows such as The Oprah Winfrey Show and Dr. Phil capitalized on our voyeuristic tendencies, while the advent of the Internet widened the tell-all bandwagon, with countless bloggers baring their souls and, later, Instagrammers posting daily images of pouty lips and pretty locales. All of this, says Igo, who refers to the phenomenon as our confessional nature, shows that “an old and deep human urge to tell one’s own story” continues despite the daily warnings of how our privacy is being violated.
Such need for connection made reality TV stars such as Kim Kardashian rich and famous for no reason, and subjected the world to such inane musings as that of longevity expert Bryan Johnson, who recently received 20 million views of his somewhat incomprehensible love letter to his new girlfriend on X.com: “The time apart has been costly. My body’s electrical signaling betrays the separation. Without her touch, my vagus nerve’s 100,000 myelinated fibers have dropped their high frequency spectral power, squawking distress.” Yup, we needed him to share that.
Article content
But we’re not above violating the privacy of celebrities, even while cherishing our own. Think about the paparazzi hounding the late Diana, Princess of Wales, or the lawsuits by her youngest son, Harry, over tabloid coverage of his marriage.
Even the late, great Gordie Howe became a victim of the human compulsion to invade others’ privacy. In 2007, he won a temporary restraining order against his next-door neighbour in a Michigan suburb. The neighbour had for a year pointed a camera at Howe’s home, taking more than 17,000 photos a day to try to prove the NHL legend was violating the homeowners’ association rules by conducting business in his home.
Warnings over Grok AI’s ‘spicy mode’
While privacy’s demise has been lamented countless times over the last 150 years, it’s arguable that George Orwell’s groundbreaking novel 1984, with its “Big Brother, the all-seeing eye of the totalitarian state, bent on obliterating the spaces for individual freedom and conscience,” is more relevant today than at any time since it was published nearly 80 years ago. Our fears about corporate, government and even our next-door neighbour’s surveillance has reached a fever pitch, thanks to AI, the increasing sophistication of facial recognition technology and news headlines reporting daily on all the ways our privacy can be violated. “Wireless headphones can be hacked,” (New York Times, Jan. 25, 2026), and “A Faceless Hack Stole my Therapy Notes — Now my Deepest Secrets are Online Forever,” (BBC, Jan. 16, 2026) are just two recent examples.
Article content
Then there’s the current outrage courtesy of Elon Musk’s Grok AI, which earlier this year introduced a video and image creation function in so-called “spicy mode,” flooding the internet with non-consensual, deepfake sexual imagery of women and children. While some countries quickly put up temporary bans, there have been few consequences, according to award-winning tech writer Kara Swisher. “X has arguably become the tool for creating and distributing AI-generated child sexual abuse material,” she said on her Jan. 25 podcast, On With Kara Swisher, noting that it would have been easy for Musk’s team to set up safety “guardrails” before rolling out the new product.
The big tech companies such as Meta (parent of Facebook, Instagram, Threads and more) keep making the news for privacy pillaging — a new Facebook feature rolled out in late January allows viewers to share and view locations of others on a map — while under its new, mostly American owners, TikTok sparked outrage after introducing changes to its privacy policy to expand the type of location data it can collect from users.
Most of us understand that sometimes a trade-off is necessary between our privacy and our safety, such as bag searches at airports, but it seems that Big Brother is always finding new ways to overreach, such as the news about U.S. border patrol agents searching electronic devices for opposition to the current administration, and ICE agents using facial recognition, social media and other tech tools to compile a database of both suspects and protesters, and sometimes mere bystanders.
Article content
Bill C-2, the Canadian government’s first attempt at a stronger border security bill in 2025 — hastily put together to appease the Trump administration, many charged — gave government and border officials broad new powers to search devices, collect data and even open the mail of citizens without a warrant, alongside data-sharing with the United States. A coalition of civil rights groups, academics and legal experts quickly decried it as “a multi-pronged assault on the basic rights and freedoms Canadians hold dear,” one that was “likely unconstitutional.”
Bill C-12, which passed in the House of Commons in December, removed such sweeping powers as opening mail or demanding service providers hand over subscriber information without warrant; however, the original bill C-2 lingered. Sources recently told National Post the government is now considering a narrower bill that would contain additional search powers for police and spy agencies.
Meanwhile, Bill C-8, introduced around the same time as Bill C-2 and intended to tackle cybersecurity threats and online harm, drew its own share of criticism. Data privacy expert Kevin Pike wrote in the Ottawa Citizen that it places “the switchboard of Canadian speech inside the executive’s control … a courtroom convicts after proof, whereas C-8 would intervene before a word was ever spoken.”
Article content
After the COVID passports of just a few years ago, requiring people to show proof of vaccination in order to enter some venues, many now watch any hint of privacy incursions with great suspicion.
How government hides behind privacy
Adding to the privacy paradox, governments are turning the tables on citizens, increasingly invoking privacy to keep us from knowing things that we are entitled to know, and that, in many cases, are necessary for public safety.
Dean Beeby, a veteran investigative journalist, came up against an egregious incidence of what he calls “Fortress Privacy” while researching his book on Basil Borutski, who murdered three women on the same day in Renfrew County, Ont., in 2015. Even after Borutski died in prison in 2024, government officials repeatedly refused Beeby’s requests for important information on the killer, citing his “privacy” even posthumously.
“It wasn’t just my frustration as a journalist who was unable to tell the whole story,” Beeby says. “The targets of his assault were also endangered by those protections.” Beeby points out that before the killing spree, one eventual murder victim couldn’t even find out if Borutski was living in the vicinity, after he had earlier been convicted for assault against her and released from prison. “They wouldn’t tell her where he lived so she could make sure she never crossed paths with him again,” he says. “But he knew where she lived.”
Article content
That’s just one story of a system, says Beeby, “that is not taking into account safety, and is defaulting to the privacy of (the) perpetrator.” He adds that the Canada Border Services Agency has also refused to hand over information detailing the late child sex offender Jeffrey Epstein’s attempt to enter Canada in 2018, citing the Privacy Act (he also came to Vancouver in 2014, after his conviction). “We should know a lot more about what he was up to, why he was trying to come to Canada,” Beeby says of the U.S. citizen. “The whole thing is absurd and it’s totally out of balance.”
In a recent substack column, Beeby looks at another issue surrounding government privacy claims: the “abysmal” state of the access-to-information system. In restricting people’s right to know, the government often cites privacy concerns.
That’s a problem longtime Ottawa journalist Tom Spears is all too familiar with. While he notes that some provincial and federal government departments are great to work with on these access requests, there are too many exceptions.
“In 2019, I asked for some very basic, innocuous stuff from Environment Canada, and I should not still be waiting five and a half years later for an answer,” says Spears, who worked the environment beat for years. One of his requests was for information on himself. Spears, who began his career in 1977, says journalists started noticing an increasing desire in the 1990s among government officials to reject information requests, and to use privacy as a reason. It’s a development that continues and has never been clearly explained.
Article content
“Claiming privacy should not be happening,” he says. “This is hiding, this is creepy.”
So, where is the balance? Where do we draw the lines of what should be private, what should be public? And is anyone helping us in our quest to hold on to the last vestiges of our own privacy? As some have phrased it, who’s watching the watchers?
Canada, which lags behind Europe in curtailing the prying of big tech companies, has no single regulatory authority dedicated to governing data protection laws, though it does have a federal privacy commissioner’s office, which provides information and advice, as well as conducting investigations. Each province and territory has its own privacy commissioner or ombudsman and some have their own private personal information acts. Several provisions of the Criminal Code address such crimes as unreasonable search and seizure, unlawful communications interception, voyeurism and the production and dissemination of non-consensual intimate images.
While that sounds like legal wheels turning, according to expert Christopher Deitzel, there are few consequences for the worst violators of our privacy.
“Some people are feeling very stuck right now,” says Dietzel, affiliate associate professor in the department of communication studies at Concordia University. Most of the tech companies involved in privacy violations are in the U.S. and the Trump administration doesn’t appear all that interested in regulating the issue. The companies have shown little to no interest in self-regulation.
Article content
Dietzel, who says Canada has a “piecemeal” approach to protecting the privacy of its citizens, is concerned about that lack of self-regulation. Tech companies such as Meta and X have laid off the lion’s share of staff who were dedicated to monitoring privacy and safety risks, replacing them with features such as “community notes,” a form of crowdsourced quality monitoring. “It’s now the community’s responsibility to respond to problems, rather than having these billion-dollar companies employ the people to do the work to keep people safe,” he says. He predicts that the situation will become even more dire with the rapid growth of AI.
Dietzel, who is working on a number of projects, including dating app safety and researching Canadian teens’ experiences with tech, says it’s unfortunate that Canada lags behind countries such as Australia and New Zealand, which have strong data protection laws. “We’ve tried a few times to have an online harms bill passed,” he says. “We really don’t have a national strategy.”
Yet Dietzel doesn’t agree with banning kids under 16 from accessing social media, something Australia recently instituted, with countries such as France following suit. “All it does is say that young people aren’t going to be introduced to those harms until they’re 16,” while doing nothing to address the harms, he says. “There’s no motivation for them (social media companies) to try and change these systems. I don’t think the ban is going to achieve what it attempts to achieve.”
Article content
Even so, an online Leger poll conducted among Canadians earlier this year for the group Safer Online Spaces found that 90 per cent of respondents favoured a minimum age requirement for accessing certain social media platforms.
Privacy lawyer David Fraser agrees with Dietzel that we need to consider other rights when it comes to creating laws and policies around privacy. He cites the example of Nova Scotia’s 2013 Cyber Safety Act, created after the suicide of Rehtaeh Parsons, a teenager whose sexual assault was photographed and posted on social media. It was the first jurisdiction in Canada to try to regulate cyberbullying, but the legislation violated freedom of expression as guaranteed by the Charter of Rights and Freedoms, since it was so broad. The “draconian law,” as Fraser calls it, was struck down by that province’s Supreme Court. New legislation was later passed.
Fraser says there’s been some progress in the Criminal Code dealing with crimes such as distributing non-consensual pornographic images or video (often referred to as “revenge porn”). But the code is slow to catch up to new technologies. “One thing they didn’t foresee was generative AI” and its ability to make entirely fabricated deepfakes, such as the now infamous, sexualized deepfake image of pop star Taylor Swift, which prompted outrage from fans.
Article content
Article content
However, he points out that when citizens use technology to turn the tables on oppression, it can be a good thing. “There’s a reason there’s been so much attention paid to the tragic deaths of two people in Minnesota,” Fraser says of the shootings of two American citizens by ICE agents. “It’s because it was captured on video. It was Little Brother rather than Big Brother.”
Those witness videos, which shed light on the horrifying incidents, echo the actions bystanders also used in recording the 2020 killing of fellow Minnesotan George Floyd by police — and even hearken to pre-cellphone 1991, when witness George Holliday videotaped the beating of Rodney King by police in Los Angeles. The same technology that invades our privacy can also empower us.
For digital natives such as Vaughn Kelly, there are many positives about all these technologies that can be employed for both good and bad. “When social media is used with intention, it can be a way to connect without compromising personal boundaries,” she says.
“Being digitally connected does mean participating in systems that collect data, and I don’t think it’s realistic to pretend otherwise. At the same time, I don’t think the solution is disengagement so much as intentional engagement.”
Article content
So far, there are still some ways to thwart the system. Many users employ “finstas,” for instance: short for fake Instagram identities. They’re the accounts of real people, not bots, but the made-up ID allows the user (and friends) to share content without having the rest of the world know it’s them. Countless celebrities — including Kardashian — have said they run fake accounts.
Tom Keenan, who’s been watching tech developments for close to four decades, says the average person can adopt strategies to better guard their privacy in this new world. “I have so many birthdays,” he says of his own many identities online. “Is it OK to lie to the Internet? Yes, it is.”
Be “info stingy,” he advises. “When the government or your bank asks you for information, they’re probably entitled to it. But your grocery store isn’t. Think about why you’re giving out information.
“The danger,” Keenan says, “is there’s nowhere to hide anymore. If you really want to protect your privacy, it’s just going to be a lot of work.”
Main image: iStock/Getty Images
Article content
