Canada’s privacy regulator issues guidance on age checks for online services
The Office of the Privacy Commissioner of Canada has released new guidance on age assurance, aiming to balance child safety online with data protection obligations.
Canada’s federal privacy regulator has introduced new guidance on age assurance technologies, as policymakers and industry actors face increasing pressure to make online environments safer for children without expanding data collection risks.
Announced by Philippe Dufresne during Privacy Awareness Week 2026, the guidance from the Office of the Privacy Commissioner of Canada outlines how organisations should approach age verification and estimation tools. It focuses on when such systems are appropriate and how they can be designed to limit intrusions into users’ privacy.
The documents target both operators of digital services and developers of age assurance technologies. They set out considerations for assessing necessity, proportionality, and the potential risks associated with collecting or inferring age-related data. The guidance builds on an earlier public consultation, reflecting stakeholder concerns about accuracy, bias, and the handling of sensitive personal information.
The initiative is linked to broader efforts by the regulator to strengthen protections for children online. Alongside the guidance, the Office is advancing work on a proposed Children’s Privacy Code, which is expected to define standards for how organisations process minors’ data. Feedback gathered through consultations indicates a focus on transparency, stronger safeguards, and ensuring that children can meaningfully exercise their rights in digital environments.
Additional research published by the regulator draws on focus groups and a youth summit held in late 2025, where participants highlighted concerns about data misuse, lack of control over personal information, and limited understanding of privacy implications. These findings are intended to inform future policy development and regulatory approaches.
The announcement also coincides with new survey data on business practices. According to the regulator, most Canadian companies report taking steps to comply with privacy laws and preparing for data breach scenarios, although the depth and effectiveness of these measures remain unclear.
