Nurturing Diverse Entities Is Key to Digital Safety

Why Canada’s proposed Digital Safety and Data Protection Commission is the wrong approach to governing online speech and data rights.

Author: Paul Rigden
Posted: July 15, 2026
Canadian digital governance network showing one central regulator connected to specialized privacy, AI, child safety, and enforcement agencies.

The Canadian federal government’s 2026 proposal to overhaul the country's digital regulatory framework hinges on a massive consolidation of power. At the center of this transformation are two pieces of legislation. Bill C-34 (the Safe Social Media Act) focuses on digital safety for minors. Bill C-36 (the Protecting Privacy and Consumer Data Act) addresses sweeping privacy reforms.

To administer both, the government wants to build a single entity. The newly established Digital Safety and Data Protection Commission of Canada would combine the oversight of digital safety and privacy into one monolithic roof.

While proponents praise the efficiency of a single "digital super-regulator," putting every aspect of digital governance into a single basket is a dangerous game. Concentrating this much authority threatens the very protections it is supposed to enforce.

The Proposed Commission: Roles and Powers

The government envisions a commission steered by five cabinet-appointed members. This group would be vested with an unprecedented mandate that crosses multiple specialized disciplines. Their responsibilities would include:

  • Enforcing online safety rules: Specifically safeguarding children under 16 by regulating social media access.
  • Governing AI: Dictating the responsibilities and guardrails for AI chatbots.
  • Enforcing privacy rights: Mandating the right to data deletion and demanding transparency in automated decision-making.
  • Levying massive penalties: Issuing binding compliance orders and imposing fines up to $25 million or 5% of global revenue for serious violations.
  • Adjudicating access: Overseeing companies’ digital safety plans and judging the effectiveness of their age-verification systems.

The Danger of Concentrated Regulatory Authority

University of Ottawa law professor Michael Geist rightly dubbed this new body a "digital super-regulator." It merges online speech regulation with privacy enforcement. These are two vastly different legal and ethical landscapes that international norms usually keep strictly separate.

Merging these responsibilities threatens the independence of our established structures. The biggest casualty is the Office of the Privacy Commissioner. Folding this respected, highly specialized body into a generalized commission means stripping away dedicated private-sector oversight. We aren't just risking a clumsy transition period. We are risking the active dilution of Canadian privacy protections.

Furthermore, combining policy-making, advocacy, investigations, adjudication, and enforcement under one roof creates massive conflicts of interest. You cannot have a single group act as the architect, the police, and the judge without blurring the lines of accountability.

Why Diversity in Regulation Matters

Other nations have already figured out that specialization matters. Australia implemented strict age restrictions on social media for minors, but they purposefully maintained distinct regulatory bodies for digital safety and privacy. This separation allows regulators to cultivate deep expertise in their specific lanes rather than forcing them to be generalists.

In nature, an ecosystem survives because of biodiversity. If one species fails, the system adapts. Regulatory frameworks work exactly the same way. A diverse ecosystem of specialized entities creates natural checks and balances. It encourages innovation in oversight techniques and mitigates the very real risk of regulatory capture.

The Case for a Multi-Entity Ecosystem

A healthy digital governance environment requires separate but cooperative agencies. We need a dedicated privacy commissioner who can focus purely on data protection nuances. We need a separate online safety regulator strictly focused on content moderation and user protection. When issues overlap, such as the use of personal data in algorithmic content moderation, these agencies can collaborate to ensure comprehensive oversight.

This distributed responsibility guarantees accountability. If one regulatory body becomes overburdened or faces operational challenges, the others can maintain pressure on digital platforms and protect the public interest.

Proponents of the single-commission model argue it will reduce bureaucracy and give Canadians a single point of contact. But administrative convenience should never come at the cost of efficacy. The digital landscape is simply too complex for a monolithic bottleneck. To actually protect Canadians, we don't need a super-regulator. We need a dynamic, specialized ecosystem capable of keeping pace with the technology it is trying to govern.

Sources

  • canada.ca - Government of Canada introduces legislation to combat online harms, particularly those impacting children
  • dlapiper.com - An overview of Canada's Safe Social Media Act (Bill C-34)
  • filionlaw.com - Bill C-36 Proposes Major Overhaul of Federal Privacy Law
  • gowlingwlg.com - What Bill C-34 Means for Canadian Digital Providers
  • michaelgeist.ca - One Step Forward, Two Steps Back: Bill C-36 Modernizes Canada’s Privacy Law, Then Delays It to 2030
  • theglobeandmail.com - The dawn of a digital super-regulator
  • canada.ca - Government of Canada tables new legislation to protect children’s data, strengthen privacy and build trust in the digital economy
  • vinciworks.com - Canada’s privacy overhaul creates a digital super-regulator, raising global questions about data protection independence