The Rising Tide of Children’s Privacy Regulation: Key Trends in Canada and Beyond

Across Canada and internationally, regulators are sharply increasing their focus on children’s privacy, recognizing the heightened risks young people face in digital environments. Over the past several years, there has been a steady rollout of new resolutions, investigations, guidelines, and global standards—all aimed at strengthening protections for minors and raising expectations for organizations that collect or process children’s personal information. Below is a snapshot of the significant activity now shaping this rapidly evolving area. 

In Canada, the Office of the Privacy Commissioner of Canada (OPC) has advanced a multi‑year agenda on children’s privacy. This includes a 2023 national resolution prioritizing the best interests of young people; a 2024 joint international statement and public consultation on age‑assurance practices; 2025 commitments to develop guidance on when and how age assurance should be used; and the 2025 TikTok investigation into the collection and use of children’s data. 

In Ontario, the Information and Privacy Commissioner has released the 2024 Digital Privacy Charter, joined the 2025 national resolution on protecting children’s privacy in educational technologies, and participated in the 2025 Global Privacy Enforcement Network Sweep examining children’s privacy practices.  The IPC also released a significant decision regarding the PowerSchool breach, which affected the personal information of minors. Finally, the Enhancing Digital Security and Trust Act, 2024 came into effect in 2025 and it included provisions related to Digital Technology Affecting Individuals Under Age 18. Currently, a proposed regulation is available for consultation (until February 9, 2026) regarding software applications used by schools to handle student personal information. 

Internationally, regulators and standards bodies are also moving quickly, including the UK ICO’s Age Appropriate Design Code (updated in 2024) and the forthcoming ISO/IEC 27566‑1 standard on age assurance systems (2025). Australia has developed some of the strictest rules relating to children on social media, restricting Australians under 16 from having a social media account (2024 amendments to the Australian Online Safety Act 2021) and developing a Children’s Online Privacy Code (a key feature of the Australian Privacy and Other Legislation Amendment Act 2024) 

Together, these developments signal a clear regulatory trajectory: organizations should expect increased scrutiny, higher standards for transparency and consent, and stronger expectations around protecting minors online.