Our recommendations for online safety legislation in Canada.

Stirling Coulter-Hayward

The other day, someone commented on one of our Facebook posts:

“What’s taking so long? We already have this technology. You’re not reinventing the wheel.”

Granted, they weren’t in our Early Access Program, so they hadn’t seen the infrastructure, app, or moderation policies, and neither had they connected with the lovely community that’s grown there as a result of all the work.

So in many ways, we kind of are reinventing the wheel.

Case in point: moderation and online safety. As part of building Gander, we took a deep dive into the Canadian Charter, online safety frameworks, and moderation models from Canada and around the world alongside legal counsel.

We weren’t just thinking about what kind of moderation system we wanted for Gander. We were also exploring a bigger question:

How do you create safer online spaces without sacrificing privacy, accessibility, free expression, and democratic participation in the process?

Earlier this month, that work became especially relevant when Gander was invited to provide recommendations regarding the future of online safety legislation in Canada to the Office of the Minister of Canadian Identity and Culture and Minister Responsible for Official Languages.

We believe these conversations should happen publicly and transparently wherever possible, so we are publishing our responses in full below.

Question 1

What were your organization’s perspectives on the former Bill C-63 at the dissolution of the previous Parliament? What amendments would you suggest, should Part 1 of C-63 be re-introduced?

Minimalist editorial-style graphic featuring the statement “Privacy and safety should advance together.” in bold black typography on a light grey background with generous white space.
  • Gander supports the central purpose of Part 1 of Bill C-63: creating a federal online safety framework; holding platforms accountable for addressing serious and foreseeable harms; and recognizing the seven categories of harmful content identified in the former bill, including child sexual exploitation, non-consensual intimate imagery, bullying of children, content that induces children to self-harm, hate, incitement to violence, and violent extremism or terrorism.[1]
  • We also support the broader principle behind the approach: online safety cannot rest entirely on individual people, and platforms have a responsibility to design, operate, and govern their services in ways that reduce preventable harm. Especially when platform design often actively promotes harmful content as a business inventive.
  • That principle is consistent with Gander’s own approach. Our Community Guidelines are grounded in Canadian Charter values and are designed to support healthy conversation, dignity, and inclusive participation.[2][3] Gander draws firm lines around serious harms, including child sexual abuse material, violent threats, fraud, scams, hateful ideology, harassment, bullying, and harmful deception.[2][3] As it relates to former Bill-C63, it is our position that Charter protections are sufficient when actively applied and enforced by social media platforms. Broadened enforcement powers against individuals are not needed if the platforms are themselves effectively regulated. Platforms operating within Canada must be subject to Canadian jurisdiction.
  • Gander applies a harm-reduction model. Where appropriate, we favour proportionate tools rather than treating content takedown or suppression as the only available responses; those tools include content labels, sensitivity screens, warnings, reduced visibility, and appeal pathways.[2][3] The concept of proportionality is critical to protect free expression and healthy democratic participation.
  • Bill C-63 made two things clear: Canada needs a federal online safety law, and that law should be narrow in its scope: the application of existing laws (i.e. the Charter) and platform design. It should not include additional enforcement measures that reduce Canadians privacy online nor should it require social media platforms to collect more information than they need to operate (for instance biometrics).
  • In particular, the debate over the bill’s Criminal Code and Canadian Human Rights Act provisions risked overshadowing the more widely supported platform-accountability measures in Part 1.[4][5] Legal scholars and policy observers also raised valid concerns that unclear duties, high-stakes liability, or overly broad enforcement powers could push platforms toward excessive monitoring of individuals, or reducing the space for legitimate free expression.[4][5] These run counter to the bills stated goals and also create high risk situations for Canadians using social platforms who must in effect exchange their privacy for access to social media platforms. These concerns should be addressed directly if Part 1 is reintroduced.
Amendments we would suggest if Part 1 is reintroduced
  • Keep Part 1 focused on platform accountability and systemic risk reduction. A reintroduced bill should stand on its own as an online safety framework. The Government should avoid bundling platform duties together with unrelated or highly contested criminal and human rights provisions. Bundling platform duties with human rights provisions weakens public trust in the online safety measures themselves and often has a chilling effect on healthy civic dialogue.[4]
  • Make harm reduction an operating principle. Not every harmful or sensitive online situation is best addressed through removal. For lawful but potentially sensitive content, tools such as warning screens, user controls, labels, reduced distribution, and clear appeals can protect people while preserving meaningful expression. That is central to Gander’s own policy model.[2][3]
  • Protect legitimate public-interest content. Online safety law should not unintentionally suppress content that may be disturbing but socially valuable, including journalism, documentary evidence, educational material, scientific discussion, artistic work, satire, or records of war crimes and humanitarian crises. Gander’s own policies recognize contextual exceptions for educational, documentary, scientific, artistic, and newsworthy material. A reintroduced Part 1 should provide similar clarity.[2][3]
  • Build accessibility into the safety framework. A safety measure is not successful if it creates new barriers to participation for people with disabilities, people with lower digital literacy, people without conventional government identification, newcomers, lower-income people, or those living in rural and remote communities. Compliance obligations should be assessed not only for effectiveness, but also for whether they are realistically usable and accessible to the public.
  • Do not define youth safety as youth exclusion. Gander is currently designed as an 18+ platform, and our rules do not permit accounts held by people under 18.[2] That is a deliberate product and community choice and will remain in place until we can implement evidence based guardrails for youth on Gander Social. National public policy should be careful not to treat broad exclusion of young people from digital life as the default answer to online harms. Young people use online spaces for learning, creative expression, civic participation, peer connection, and support. The more nuanced public-policy goal is age-appropriate and safer participation. This is something we would welcome as a social media platform, especially as it relates to the regulation of platform design.
  • Write data minimization directly into the law. Any age-related, safety, or risk-management obligation should be designed to collect the least amount of personal information needed for the purpose. Legislation should not push platforms toward gathering sensitive identity data, biometric information, or behavioural profiles in the name of safety. This is of particular note when considering platforms that are not sovereign and thus give foreign governments access to Canadians personal information.
  • Pair regulation with education and wrap-around supports. Platforms must be accountable, but legislation alone cannot carry the full weight of child online safety. Canada should invest in public education campaigns and practical supports that help communities, educators, parents and caregivers, and young people understand online risks, recognize harmful situations, respond early, and know where to turn for help. A stronger safety framework should build capacity around people, not only obligations around platforms.
  • Recognize that harms to children are not limited to what children post themselves. Content that creates risk for children is sometimes shared by adults with innocent intentions, including parents and caregivers posting family images online. Those images can later be copied, redistributed, or repurposed in harmful ways, including through image-based abuse and AI-generated sexualized deepfakes. A reintroduced online safety framework should account for these pathways and should support public education that helps adults understand how ordinary sharing can create downstream risks for children.
  • Avoid creating surveillance incentives. Part 1 should make clear that platforms are not expected to proactively monitor private communications or indiscriminately scan lawful content to meet their duties, except in the narrowest and most clearly justified circumstances. Concerns about over-monitoring and surveillance were central to criticism of the former bill and should be resolved, not repeated.[5] This creates huge risk for Canadians using these platforms, and will potentially have a chilling effect on healthy democratic participation. Further, this is extremely dangerous when considering platforms that are privy to The CLOUD Act or similar policies held by foreign governments.
  • Ensure fair process, clear standards, and accountable oversight. Any Digital Safety Commission, or similar regulator, should operate with strong procedural safeguards, transparent decision-making, appeal rights, and clear evidentiary standards. Concerns raised about the breadth of the former Commission’s powers and the limited procedural constraints in the original bill should be addressed in any future version.[4]

Question 2

What lessons can Canada take from peer nations, including the United Kingdom, the European Union, and, in particular, Australia? What challenges has your organization faced in implementing online safety regimes in other jurisdictions?

Minimalist editorial-style graphic featuring the statement “Protecting children online should not require mass surveillance.” in bold black typography on a light grey background with a clean, editorial layout.
  • Gander is a Canadian platform. We have not directly implemented online safety regimes in other jurisdictions, including the United Kingdom’s Online Safety Act, the European Union’s Digital Services Act, the European Union’s AI Act, or Australia’s social media minimum-age regime. That said, those approaches offer useful lessons for Canada as it considers implementing a federal online safety framework.
United Kingdom
  • As of 25 July 2025, platforms covered by the UK’s child safety duties must take steps to protect children from harmful content. The UK framework also requires highly effective age assurance in certain high-risk contexts, including access to pornography, content that encourages self-harm, content that encourages suicide, and content that encourages eating disorders.[6]
  • Canada should take three lessons from that approach: age assurance may be appropriate for specific categories of high-risk content; safety duties should also look at platform design, recommended systems, reporting tools, moderation processes, and other features that shape what people see and experience; and protecting children online is not only about blocking access, but also about improving the quality and safety of the digital environment itself.[6]
  • A strong child-safety framework should not drift toward treating the most intrusive age-assurance tools as the default. Canada should avoid creating incentives for mandatory biometric scans, facial age estimation, photo-ID matching, or AI-driven age inference where less invasive options are sufficient. Where age assurance is justified, the framework should require necessity, proportionality, strong privacy protection, meaningful alternatives, and careful assessment of bias, error, and accessibility impacts.[6]
European Union
  • Article 28 of the Digital Services Act requires online platforms accessible to minors to put in place proportionate measures to ensure a high level of privacy, safety, and security. It also makes clear that compliance with those duties does not, by itself, require platforms to process additional personal data solely to determine whether a person is a minor.[7]
  • Where age-related measures are justified, the goal should be to prove only what is necessary. In some cases, that may mean confirming that a person is above a relevant age threshold; it should not automatically mean identifying the person, building a new identity database, or collecting more personal data than the safety purpose requires.
  • The EU’s AI Act is also instructive. Its transparency framework is aimed at helping people understand when they are interacting with AI or viewing AI-generated or manipulated content. The relevant transparency obligations are scheduled to become applicable on 2 August 2026 and include requirements relating to interactive AI systems, machine-readable marking of certain AI-generated content, disclosure of deepfakes, and disclosure of certain AI-generated public-interest text.[8]
  • Canada should not treat age verification as a default for broad participation in ordinary online services simply because lower-data tools exist and should only be applied in contexts where it is necessary and to reduce identified harms. Any Canadian age verification requirements should remain necessary, proportionate, and tied to a clearly Ottawa, Ontario K2P 1Y6 Canada defined risk.
  • Canada should also avoid treating AI transparency labels as a singular answer to AI-enabled harms. Labelling can help people understand what they are seeing, but it does not by itself address synthetic impersonation, fraud, non-consensual deepfakes, orother serious abuses that may require separate safeguards and enforcement.
Australia
  • Australia’s model is notable because the legal duty falls on covered platforms, not on young people or their parents or carers; the law does not prescribe a single technical method for compliance; implementation guidance recognizes privacy, digital rights, children’s rights, accessibility, and unintended consequences as core design issues, not side concerns; and the framework includes regulatory guidance, stakeholder consultation, evaluation, and an independent review process.[9]
  • The Australian eSafety Commissioner has also identified issues Canada should examine carefully, including how age-assurance technologies are used; how measures may affect young people and the protective factors that support them; privacy and digital-rights implications; possible circumvention or unintended consequences; and how governments and platforms explain changes to young people, families, educators, and frontline workers.[9]
  • Canada should also pay close attention to accessibility. A central policy tension is how to protect young people from genuine online risks without unnecessarily cutting them off from the social, cultural, informational, and support functions of the internet.
  • In our view, Canada should pursue an online safety framework that is risk-based rather than one-size-fits-all; addresses platform design, moderation, and amplification, not just account access; treats privacy, safety, and accessibility as mutually reinforcing goals; avoids creating unnecessary identity-collection systems; preserves room for age-appropriate digital participation by young people; and recognizes that the primary burden of building safer online spaces should sit with platforms, not with individual people.
  • The Australian model also provides useful guideposts by tying online safety to existing cultural, legal, and human rights frameworks. In particular, Australia’s approach draws on the United Nations Convention on the Rights of the Child, including General Comment No. 25 on children’s rights in relation to the digital environment. It shows how we can apply rights frameworks that already work well in Canadian law and policy to the digital environment, while respecting children’s rights to information, participation, connection, and decisions that take their best interests seriously. Restricting access alone is not a valid catch-all solution and will in fact introduce more challenges if it is not viewed inclusive of rights and access writ large.

Question 3

If applicable, how has your organization implemented the Australian social media age restriction? What challenges have arisen from the implementation of the restriction?

Minimalist editorial-style graphic featuring the statement “The safest sensitive data is data a platform never collects.” in bold black typography on a light grey background with generous white space.
  • This is not directly applicable to Gander. We are not currently operating under Australia’s social media minimum-age regime and have not implemented it.
  • That said, we have worked through several related design questions through our own Human Check approach. Gander has independently adopted an adult-human verification model for participation on our platform.[10]
  • Under that model, anyone may browse Gander freely; however, posting, commenting, and chatting require verification that the person is a real adult human. For anyone viewing content on Gander filters are set at their most restrictive. For example, no NSFW content is shown, these are treated as opt-ins when people create an account.
  • Gander does not store people’s identity documents or underlying personal identity data; our primary verification partner is Canada Post Identity+, which returns only the limited confirmation needed for our rule, namely that the person is human and an adult; and we
    have also been exploring simpler alternative verification pathways that may reduce exclusion, including certain institutional email and domain-based approaches.[10]
  • A social platform should not simply wait for bots, fraudsters, abusive accounts, or people under the platform’s age threshold to cause harm before taking preventive steps; at the same time, we do not believe safety requires turning a social platform into a collector of sensitive identity documents.[10]
Challenges we have identified
  • Privacy and data security. People should not have to trust a platform with identity documents that the platform does not need. Gander’s Human Check model is built to reduce that exposure. The safest sensitive data is data a platform never collects in the first place.[10]
  • Accessibility. Verification systems can create real barriers. Not everyone has a bank account, current government ID in good condition, a compatible device, or the digital confidence needed to complete a complex flow. Gander’s choice of Canada Post Identity+ was in part motivated by the availability of in-person verification through
    physical locations, which we see as an important accessibility consideration.[10]
  • Friction. Safety measures can build trust while also making participation harder. Requiring another app, completing a verification process, or resolving a failed check creates real friction. We believe some friction is justified where it materially improves safety, but it should be minimized and paired with meaningful alternatives where possible.[10]
  • Avoiding unfair inference. Gander does not favour broad behavioural assumptions about who is or is not a child. Age estimation based on appearance, conduct, or other inferred signals may introduce errors, bias, and human-rights concerns. We have therefore preferred explicit, purpose-limited adult-human verification over speculative surveillance or profiling.[10]
  • Balancing platform-specific choices with public policy. Gander has made a product-level choice to be 18+.[2] That does not mean we believe public policy should broadly exclude young people from online life. A Canadian regulatory regime should leave room for different kinds of services and should assess youth access, accessibility, and safety together.

Question 4

What privacy concerns do you take into consideration when implementing the Australian social media age restriction or other age-related measures?

Minimalist editorial-style graphic featuring the statement “Platforms should only collect the data they actually need.” in bold black typography on a light grey background with a clean, modern editorial layout.
  • Gander starts from a practical privacy principle: sensitive data that is never collected cannot later be exposed through a breach, misused for a new purpose, or retained longer than needed.
  • For any age-related or identity-related measure, the central question should be: What is the minimum fact the platform actually needs to know?
    • In many cases, the answer is not a person’s full name, birth date, home address, government ID, or biometric image. It may be only: “This person is above the relevant age threshold”; or “This person has completed an approved adult-human check.” Further, once that information is obtained, additional checks are not required. Someone confirmed to be older than 18, will always be older than 18.
    • Our primary verification flow is structured so that Gander does not receive or retain the underlying identity document information. We receive only the narrow confirmation needed for our platform rule: that the person is human and that the person is an adult.[10]
Privacy concerns government should consider 
  • Privacy, accessibility, and online safety do not need to be in competition. A well-designed framework can strengthen all three at once. The question is not which value to sacrifice, but how to build age-assurance and safety measures in a way that protects people from harm without creating unnecessary surveillance, exclusion, or data risk.
  • Data minimization. Age-assurance frameworks should prohibit unnecessary collection and retention of sensitive identity data.
  • Purposeful limitation. Information collected to establish age or adult status should not be repurposed for advertising, profiling, personalization, fraud scoring, or unrelated analytics. This must be written into any policies or legislation.
  • Retention limits. Verification data should be deleted as soon as it is no longer needed. Platforms should not accumulate enduring stores of identity documents, facial images, or age-estimation records.
  • Third-party risk. Outsourcing age assurance does not remove privacy responsibility. Governments and regulators should require platforms to assess the full data flow across vendors, service providers, and the risks associated with them.
  • Biometric risk. Facial age estimation and identity matching create heightened risks of false positives, discriminatory error, and sensitive-data exposure. These methods require especially careful scrutiny and are not necessarily needed to sufficiently verify age.
  • Accessibility and equity. Privacy and accessibility should be assessed together. A system that demands government ID or biometric scans may disproportionately exclude people without conventional identity documents, people who are precariously housed, lower-income people, disabled people, rural and remote communities, and others who may face barriers in conventional verification systems. These issues compound when considered intersectionally with age.
  • Meaningful alternatives. Where age assurance is required, there should be multiple compliant pathways so that people are not forced into the most invasive method as the only route to participation.
  • Children’s rights and participation. A child-safety framework should also account for young people’s rights to information, connection, expression, and support. Australia’s eSafety Commissioner has explicitly adopted a children’s-rights approach and has recognized the importance of assessing digital rights, resilience, and unintended consequences. Canada should study that closely.[9]
  • Any data collected must remain sovereign. Storing data on networks, systems, or servers privy to foreign governments is unacceptable. This includes data residency. It must be solely governed by Canadian jurisdiction. This is our most sensitive information. The law needs to ensure this is a clear requirement.

Question 5

Does your organization currently have any terms of service or internal systems in place requiring the labelling of synthetic content, including deepfakes, that circulates on your services? What should the Government consider should it proceed with extending an online safety regulatory framework to include artificial intelligence chatbots?

Minimalist editorial-style graphic featuring the statement “Private AI conversations are not public social media feeds.” in bold black typography on a light grey background with generous negative space and an editorial-style composition.
  • Synthetic content labelling: Yes. Gander’s Community Guidelines address synthetic content, including deepfakes, in two ways.
    • First, our Guidelines ask people to label AI-generated content so others can make informed choices about how they engage with it.[2][3] Viewing content labelled as AI is considered an opt-in decision.
    • Second, our Guidelines prohibit harmful synthetic media where it is used to mislead others, incite panic, impersonate real people, or undermine civic integrity. This includes synthetic media, deepfakes, and false news reports when they are used in harmful or deceptive ways.[2][3]
  • This reflects Gander’s broader position: we support strong intervention against AI-enabled harms such as synthetic impersonation, exploitative or abusive synthetic sexual imagery, deceptive civic misinformation, and non-consensual deepfakes; we do not believe all AI-generated content is inherently harmful; and we do not believe content should be removed solely because it is synthetic.[2][3]
  • We do not believe that labelling alone is the solution to problematic synthetic content, though do believe it is one amongst a diversity of tactics. AI systems that scan for synthetic content creates increasing complexity, it trains AI to create more convincing synthetic content. There must be a multi-faceted approach to its identification that includes onus on the people sharing content, the platforms facilitating it, and the services that are used to create the content itself.  
  • The Government should consider establishing a clear baseline expectation that realistic synthetic content be labelled where authenticity materially affects how people understand it. That is especially important for deepfakes of real people, non-consensual or exploitative synthetic sexual imagery, synthetic content used for impersonation or fraud, fabricated public-safety or emergency content, and AI-generated material presented as authentic news, documentary evidence, or civic information.
  • The central logic of online harms regulation is often about public dissemination, amplification, and exposure, meaning harmful content being shared, recommended, or made visible to large audiences. AI chatbot interactions are often one-to-one and private. A private chatbot conversation is not the same thing as a public post shown to thousands of people.
  • Do not conflate AI Chatbots and social platforms. Private chatbot prompts should not be treated the same way as public social media posts. Doing so could weaken the privacy boundary around private communications and create pressure for broader proactive monitoring. Whether Canada regulates AI chatbots through a separate framework or not, AI policy should clearly apply to social media platforms when they use AI as part of their service. This is an important distinction that will allow for further nuance and better policy considerations.
  • If the Government proceeds, we believe chatbot regulation should be designed for how chatbots actually work. It should focus on transparency that a person is interacting with AI; disclosure and labelling of synthetic outputs where authenticity matters; risk assessments for clearly high-risk chatbot uses; safeguards against generating or facilitating serious harms, including child sexual exploitation material, non-consensual intimate deepfakes, impersonation scams, and clearly dangerous instructions in high-risk contexts; reporting pathways and meaningful ways to seek review or remedy; accountability and auditability; and strong limits against indiscriminate monitoring of private conversations.[8][11]
  • Accessibility should also be part of that analysis. AI chatbots may provide meaningful benefits for language access, disability support, literacy and navigation assistance, low-barrier information seeking, and people who struggle with traditional digital interfaces. Regulation should address genuine harms without unnecessarily degrading or foreclosing those uses.
  • Put plainly: regulate harmful AI-enabled conduct and deceptive synthetic content; do not normalize surveillance of private AI conversations; and do not treat every chatbot as though it operates like a public social media feed.
  • Set clear guidelines for synthetic content. Policy should clearly distinguish between content that is fully AI-generated, meaningfully AI-altered, and simply AI-assisted. A post written by a person and edited by AI, an artist using AI to prototype an installation, or someone using AI as an accessibility tool should not be treated the same as deceptive synthetic media.

Notes:

[1] Government of Canada, “Proposed Bill to Address Online Harms,” describing Bill C-63, its seven categories of harmful content, the three platform duties proposed under Part 1, and the bill’s status following the end of the previous Parliament.

[2] Gander Social, Community Guidelines Web, updated April 17, 2026. The Guidelines establish Gander’s Charter-rooted framework, 18+ rule, standards on child sexual abuse material, hateful conduct, harassment, misinformation, synthetic media, proportional enforcement, labels, and appeals.

[3] Tremau x Gander Social, Gander Social’s Policy Stance, February 19, 2026. The policy stance document describes Gander’s values-driven approach, safety-first orientation, harm-reduction model, sensitivity screens, and strong protections against hate, harassment, fraud, misinformation, and other high-severity harms.

[4] Canadian Civil Liberties Association, “Online Harms: CCLA Testifies on Bill C-63 Before Standing Committee on Justice and Human Rights,” December 17, 2024. CCLA supported the goal of addressing online harms while arguing that Bill C-63 should more clearly protect freedom of expression and privacy, focus on objectively identifiable harmful content, and avoid the proposed Criminal Code and Canadian Human Rights Act amendments.

[5] Blayne Haggart and Natasha Tusikov, “Canada’s Online Harms Bill is Dead (Again): Three Questions to Consider for the Next Round,” Tech Policy Press, April 28, 2025. The article summarizes concerns raised during the bill’s pre-study, including over-moderation, proactive monitoring, mass surveillance, chilling effects on expression, and the need for clearer protections for private and encrypted communications and freedom of expression.

[6] Government of the United Kingdom, “What’s Changing for Children on Social Media from 25 July 2025,” and GOV.UK, “Online Safety Act.” These materials describe the UK child-safety duties taking effect in July 2025, including highly effective age assurance for certain high-risk content and broader platform duties to protect children online.

[7] Regulation (EU) 2022/2065, Digital Services Act, Article 28. Article 28 requires online platforms accessible to minors to ensure a high level of privacy, safety, and security, while clarifying that compliance does not in itself require additional personal-data processing solely to assess whether a person is a minor.

[8] European Commission, “Guidelines and Code of Practice on Transparent AI Systems,” “AI Act | Shaping Europe’s Digital Future,” and “Commission Publishes Second Draft of Code of Practice on Marking and Labelling of AI-Generated Content.” These materials describe Article 50 transparency obligations under the EU AI Act, including interactive AI disclosures, marking of certain AI-generated or manipulated content, deepfake labelling, and the expected applicability date of 2 August 2026 for the relevant transparency rules.

[9] eSafety Commissioner, “Social Media Age Restrictions”; eSafety Commissioner, Social Media Minimum Age Regulatory Guidance, September 2025; and eSafety Commissioner, “Statement of Commitment to Children’s Rights.” These materials describe Australia’s under-16 social media minimum-age regime, the platform-focused reasonable-steps duty effective December 10, 2025, the absence of penalties for young people or parents, privacy and digital-rights considerations, guidance on age assurance and unintended consequences, and the commitment to independent review and children’s rights.

[10] Ben Waldman, “Human Check on Gander: Not Waiting for Things to Go Sideways,” Gander Social Blog, April 22, 2026. The post explains Gander’s Human Check model, its 18+ participation requirement for posting, commenting, and chatting, its minimum-data approach, Canada Post Identity+ integration, accessibility considerations, and planned alternative verification options.

[11] Parliament of Canada, Bill C-63: An Act to Enact the Online Harms Act, to Amend the Criminal Code, the Canadian Human Rights Act and Other Acts, and UNICEF Canada, Ensuring the Best Interests of Children in Canada’s Response to Online Harms: Policy Brief on Bill C-63. These materials show that Bill C-63 excluded private messaging features from its core platform duties and did not require operators to proactively search content, while UNICEF Canada noted that this narrower scope could leave some child-facing harms outside the bill’s framework.

Sources

eSafety Commissioner. “Social Media Age Restrictions.” Government of Australia. Accessed May 20, 2026.

eSafety Commissioner. Social Media Minimum Age Regulatory Guidance. September 2025.

eSafety Commissioner. “Statement of Commitment to Children’s Rights.” September 2025.

European Commission. “AI Act | Shaping Europe’s Digital Future.” Accessed May 20, 2026.

European Commission. “Guidelines and Code of Practice on Transparent AI Systems.” Accessed May 20, 2026.

European Commission. “Commission Publishes Second Draft of Code of Practice on Marking and Labelling of AI-Generated Content.” March 9, 2026.

European Union. Regulation (EU) 2022/2065, Digital Services Act, Article 28.

Gander Social. Community Guidelines Web. Updated April 17, 2026.

Government of Canada. “Proposed Bill to Address Online Harms.” Canadian Heritage. Accessed May 20, 2026.

Government of the United Kingdom. “What’s Changing for Children on Social Media from 25 July 2025.” GOV.UK.

Government of the United Kingdom. “Online Safety Act.” GOV.UK.

Haggart, Blayne, and Natasha Tusikov. “Canada’s Online Harms Bill is Dead (Again): Three Questions to Consider for the Next Round.” Tech Policy Press, April 28, 2025.

Canadian Civil Liberties Association. “Online Harms: CCLA Testifies on Bill C-63 Before Standing Committee on Justice and Human Rights.” December 17, 2024.

Parliament of Canada. Bill C-63: An Act to Enact the Online Harms Act, to Amend the Criminal Code, the Canadian Human Rights Act and Other Acts. First Reading, 44th Parliament, 1st Session.

Tremau x Gander Social. Gander Social’s Policy Stance. February 19, 2026.

UNICEF Canada. Ensuring the Best Interests of Children in Canada’s Response to Online Harms: Policy Brief on Bill C-63. August 2024.Waldman, Ben. “Human Check on Gander: Not Waiting for Things to Go Sideways.” Gander Social Blog, April 22, 2026.

Stirling Coulter-Hayward Avatar
Stirling is a communications strategist with 10+ years leading community campaigns, stakeholder engagement, and digital strategy in the social impact and public interest spaces (Refugee 613, MCC Canada, Mint).