The World Anti-Doping Agency has agreed to only use athletes’ highly sensitive personal information for “anti-doping purposes,” Canada’s privacy commissioner announced Tuesday, resolving a years-long investigation into the organization’s data sharing practices.

The Office of the Privacy Commissioner of Canada said in a statement that the World Anti-Doping Agency had committed to a series of measures that will help ensure international sport federations and anti-doping organizations do not use information collected from athletes for any other purpose.

“The World Anti-Doping Agency is entrusted with safeguarding the highly sensitive personal information of thousands of athletes from around the globe,” privacy commissioner Philippe Dufresne said.

“I welcome WADA’s commitment to take steps to help ensure that this information is only used for the purposes for which it was collected.”

The World Anti-Doping Agency told Global News in a statement that it was “pleased” to enter the compliance agreement and resolve the investigation.

“WADA takes the privacy of athletes’ data very seriously and has always maintained compliance with applicable privacy laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA),” a spokesperson said.

“WADA has not admitted to any contravention of privacy rules in Canada or elsewhere, but it is committed to working with regulators to address evolving privacy best practices.”

Get daily National news

Get daily Canada news delivered to your inbox so you’ll never miss the day’s top stories.

Dufresne launched an investigation in November 2024 after receiving a complaint that alleged the World Anti-Doping Agency had disclosed biological sample information to international sporting federations, which was using the information to assess athletes’ sex-based eligibility without their knowledge or consent.

Such actions, if proven, would violate Canadian privacy law, which the Montreal-based agency became subject to in 2015.

The compliance agreement, which is signed by the agency’s director general and president, says the World Anti-Doping Agency has disputed the allegations as well as Dufresne’s jurisdiction over the investigation.

“WADA is prepared to enter into this agreement to resolve the commissioner’s investigation, but WADA does not admit any contravention” of PIPEDA, the agreement says.

1:55
World Anti-Doping Agency extends their stay in Montreal

The commitment comes shortly after the conclusion of the Winter Olympic Games in Italy but with the FIFA World Cup just three months away from kicking off in Canada, the U.S. and Mexico.

Under the terms of the agreement, the agency will update the World Anti-Doping Code by Jan. 1, 2027, to specify that athlete information collected for its Anti-Doping Administration and Management System must only be used for anti-doping purposes.

It must communicate that statute to anti-doping organizations within one month of the signing of the agreement, and update the privacy commissioner on the mechanism it will use to ensure those organizations are compliant no later than six months after signing.

The World Anti-Doping Agency must submit quarterly reports to the privacy watchdog on its progress in implementing its remedial measures until they are fully in place.

Dufresne retains the right to apply for a court order forcing the agency to comply if he believes the measures set out in the agreement have not been completed.

“WADA’s decision to enter into this agreement does not constitute acceptance of the OPC’s jurisdiction over the matters addressed in this process, and WADA expressly reserves its rights in that regard,” the agency’s spokesperson told Global News.

“However, WADA is fully committed to satisfying all obligations within this compliance agreement.”

&copy 2026 Global News, a division of Corus Entertainment Inc.

The federal government on Thursday tabled a new version of its “lawful access” legislation that would give police new powers to pursue online data for investigative purposes while addressing some of the privacy concerns raised by the original version of the bill.

Speaking at an announcement in Ottawa outlining the new Bill C-22, Public Safety Minister Gary Anandasangaree and other ministers said the narrower legislation came after several consultations with police and privacy groups to address concerns while giving law enforcement the tools they need.

“This new legislation … balances the needs of law enforcement with the privacy and civil rights that Canadians demand,” Anandasangaree said.

“I want to be clear what C-22 is not. It is not about surveillance of Canadians going on about their daily lives. It is about keeping Canadians safe in the online space.”

Although the new bill still contains warrantless powers, those would now be restricted to a new “confirmation of service demand” for telecommunication service providers to say whether or not they have provided services to a specific person.

Production orders for additional information will be narrowed under the new bill to basic identifying information like names and addresses, and will now require a judicial warrant under a “reasonable” suspicion threshold.

Those orders will still apply to a broader definition of online service providers beyond internet and phone companies, however.

The timeline for production orders to be challenged in court will be extended from five days after they are issued to 10 business days under C-22.

The new bill would also allow Canadian police to seek authority, through a court, to request transmission data or subscriber information from a foreign company like Google, Meta or OpenAI.

Government officials said during a technical briefing Thursday that nothing in the bill would be able to force those companies to share that information, however.

The bill does not address calls from B.C. Premier David Eby and others to require AI companies to report troubling online behaviour to police, in the wake of the Tumbler Ridge, B.C., mass shooting.

Get daily National news

Get daily Canada news delivered to your inbox so you’ll never miss the day’s top stories.

Anandasangaree said lawful access was a separate issue from the concerns raised by Open AI’s previous knowledge of the Tumbler Ridge shooter’s ChatGPT activity. Other federal ministers have previously suggested they may pursue separate legislation on police reporting requirements.

C-22 will also set requirements for “core” electronic service providers to develop and update their technical capabilities in order to align with international partners like Five Eyes allies.

For example, a provider that does not have the necessary capabilities to allow law enforcement to track cellphones of a suspected terrorist group would be required to implement that ability, subject to a ministerial order.

Those orders would be subject to approval by the federal intelligence commissioner, another update from the original version of the bill.

That earlier bill, C-2, generated controversy from the sweeping way it sought to implement a lawful access regime that the government and police forces across the country say is urgently needed in Canada.

3:02
‘Canada must be secure’: New border bill gives new powers to CBSA officers, police, postal workers, Health Canada

Those officials noted Thursday that Canada is the only Five Eyes partner without such powers, and that measures to ensure Canadian telecom firms are keeping their services updated to comply with law enforcement needs haven’t been updated since the 1990s.

“The reality is that crime has changed faster than the laws and processes that police rely on to investigate it,” Ottawa Police Chief Eric Stubbs said at Thursday’s press event.

Officials on Thursday used the example of a sextortion victim on Instagram going to the police for help.

Under C-22, investigators would be allowed to ask Meta for the identifying IP address of the alleged perpetrator, demand the Canadian internet provider to confirm if that person was using their services and seek a production order for the person’s name and address.

Stubbs contrasted that example with a current case where police had to wait between 12 days and 11 weeks for the return of data from six different social media accounts used by a suspect to allegedly spread non-consensual, sexualized AI deepfake images.

C-2 was originally introduced last year as a broad border security and community safety bill that also included new rules on asylum and immigration, but Conservatives vowed to block it unless the lawful access powers were removed and reworked.

Privacy experts and advocates warned the original version would allow any company that provides online services — from internet providers to dating sites to hotels — to provide identifying information to police without a warrant.

The backlash forced the Liberals to separate the border security and immigration measures into a new bill, C-12, which has since passed the House of Commons and is nearing final approval in the Senate.

Justice Minister Sean Fraser said that criticism helped to improve the lawful access legislation from what was originally proposed.

“I actually find that the perspectives that come out when you first table a bill in Parliament, engage in a conversation, that allows you to improve the laws that we’ve adopted,” he said.

“By restricting the definition of service provider to electronic service providers — effectively cell phone companies, internet service providers — we can communicate to Canadians that our intent is not to go after your health care information from a family physician, for example, but instead are trying to track down the manner in which criminal organizations and criminals are using modern tech to commit crimes.”

C-22 will require annual public reporting on all ministerial orders issued to core providers, with unredacted versions provided to the National Security and Intelligence Committee of Parliamentarians and the National Security and Intelligence Review Agency.

Anandasangaree noted the legislation would also require a parliamentary review three years after its passage, which Fraser said would ensure it keeps up to date with emerging and evolving technology.

&copy 2026 Global News, a division of Corus Entertainment Inc.

The federal government on Thursday tabled a new version of its “lawful access” legislation that would give police new powers to pursue online data for investigative purposes while addressing some of the privacy concerns raised by the original version of the bill.

Speaking at an announcement in Ottawa outlining the new Bill C-22, Public Safety Minister Gary Anandasangaree and other ministers said the narrower legislation came after several consultations with police and privacy groups to address concerns while giving law enforcement the tools they need.

“This new legislation … balances the needs of law enforcement with the privacy and civil rights that Canadians demand,” Anandasangaree said.

“I want to be clear what C-22 is not. It is not about surveillance of Canadians going on about their daily lives. It is about keeping Canadians safe in the online space.”

Although the new bill still contains warrantless powers, those would now be restricted to a new “confirmation of service demand” for telecommunication service providers to say whether or not they have provided services to a specific person.

Production orders for additional information will be narrowed under the new bill to basic identifying information like names and addresses, and will now require a judicial warrant under a “reasonable” suspicion threshold.

Those orders will still apply to a broader definition of online service providers beyond internet and phone companies, however.

The timeline for production orders to be challenged in court will be extended from five days after they are issued to 10 business days under C-22.

The new bill would also allow Canadian police to seek authority, through a court, to request transmission data or subscriber information from a foreign company like Google, Meta or OpenAI.

Government officials said during a technical briefing Thursday that nothing in the bill would be able to force those companies to share that information, however.

The bill does not address calls from B.C. Premier David Eby and others to require AI companies to report troubling online behaviour to police, in the wake of the Tumbler Ridge, B.C., mass shooting.

Get daily National news

Get daily Canada news delivered to your inbox so you’ll never miss the day’s top stories.

Anandasangaree said lawful access was a separate issue from the concerns raised by Open AI’s previous knowledge of the Tumbler Ridge shooter’s ChatGPT activity. Other federal ministers have previously suggested they may pursue separate legislation on police reporting requirements.

C-22 will also set requirements for “core” electronic service providers to develop and update their technical capabilities in order to align with international partners like Five Eyes allies.

For example, a provider that does not have the necessary capabilities to allow law enforcement to track cellphones of a suspected terrorist group would be required to implement that ability, subject to a ministerial order.

Those orders would be subject to approval by the federal intelligence commissioner, another update from the original version of the bill.

That earlier bill, C-2, generated controversy from the sweeping way it sought to implement a lawful access regime that the government and police forces across the country say is urgently needed in Canada.

3:02
‘Canada must be secure’: New border bill gives new powers to CBSA officers, police, postal workers, Health Canada

Those officials noted Thursday that Canada is the only Five Eyes partner without such powers, and that measures to ensure Canadian telecom firms are keeping their services updated to comply with law enforcement needs haven’t been updated since the 1990s.

“The reality is that crime has changed faster than the laws and processes that police rely on to investigate it,” Ottawa Police Chief Eric Stubbs said at Thursday’s press event.

Officials on Thursday used the example of a sextortion victim on Instagram going to the police for help.

Under C-22, investigators would be allowed to ask Meta for the identifying IP address of the alleged perpetrator, demand the Canadian internet provider to confirm if that person was using their services and seek a production order for the person’s name and address.

Stubbs contrasted that example with a current case where police had to wait between 12 days and 11 weeks for the return of data from six different social media accounts used by a suspect to allegedly spread non-consensual, sexualized AI deepfake images.

C-2 was originally introduced last year as a broad border security and community safety bill that also included new rules on asylum and immigration, but Conservatives vowed to block it unless the lawful access powers were removed and reworked.

Privacy experts and advocates warned the original version would allow any company that provides online services — from internet providers to dating sites to hotels — to provide identifying information to police without a warrant.

The backlash forced the Liberals to separate the border security and immigration measures into a new bill, C-12, which has since passed the House of Commons and is nearing final approval in the Senate.

Justice Minister Sean Fraser said that criticism helped to improve the lawful access legislation from what was originally proposed.

“I actually find that the perspectives that come out when you first table a bill in Parliament, engage in a conversation, that allows you to improve the laws that we’ve adopted,” he said.

“By restricting the definition of service provider to electronic service providers — effectively cell phone companies, internet service providers — we can communicate to Canadians that our intent is not to go after your health care information from a family physician, for example, but instead are trying to track down the manner in which criminal organizations and criminals are using modern tech to commit crimes.”

C-22 will require annual public reporting on all ministerial orders issued to core providers, with unredacted versions provided to the National Security and Intelligence Committee of Parliamentarians and the National Security and Intelligence Review Agency.

Anandasangaree noted the legislation would also require a parliamentary review three years after its passage, which Fraser said would ensure it keeps up to date with emerging and evolving technology.

&copy 2026 Global News, a division of Corus Entertainment Inc.