Back to Bills

Protection Against Online Fraud Act

Full Title:
An Act to enact the Protection Against Online Fraud Act and to amend the Criminal Code

Summary#

This bill would require online platforms to take steps to stop scams and fraud on their services. It would also require them to warn users who interacted with content later found to be fraudulent and to keep records and publish reports about removals. It also changes the Criminal Code so judges must treat crimes of identity theft or identity fraud against vulnerable people as more serious.

Key changes:

  • Platforms (including social media and online video games) must take reasonable steps to prevent fraudulent content from spreading.
  • They must remove content that has been identified as fraudulent.
  • They must set up a process to notify users who engaged with that content (for example, clicked, viewed, shared, or bought) and make sure those users read the warning.
  • They must keep records of removed content and all notifications sent, and publish public reports with information about removals (details to be set by future rules).
  • Non-compliance can lead to a fine up to $1,000,000 on summary conviction, with a “due diligence” defence if the operator took reasonable care.
  • For certain identity theft or identity fraud crimes, judges must consider the victim’s vulnerability (age, health, finances) as an aggravating factor at sentencing.

What it means for you#

  • Users of online platforms

    • You may see faster removal of scam posts, listings, or messages.
    • If you interacted with content later identified as fraudulent, the platform must notify you and ensure you read the notice (for example, by requiring a confirmation).
    • Platforms must keep records of removed items and notices. The bill does not say what user data must be in those records.

  • Victims of identity theft or identity fraud

    • If you were vulnerable because of your age, health, or financial situation, judges must treat that as a reason to give a harsher sentence to the offender.

  • Platform operators (social media, online games, apps, and other Internet services)

    • You must design and run your service to reduce the spread of fraudulent content and remove content identified as fraudulent.
    • You must build processes to find and notify users who engaged with that content and ensure they have read the warning.
    • You must keep records of removals and notifications and publish reports with information about fraudulent content removals, as set out later by government rules.
    • Failure to meet these duties can lead to fines up to $1,000,000 on summary conviction. You can defend yourself by showing you exercised due diligence.

  • General public

    • The bill mainly affects how platforms operate behind the scenes. Day-to-day impact for most people would be fewer visible scams and more warnings when scams are found.

Expenses#

No publicly available information.

  • Platforms would likely face new compliance costs to detect fraud, remove content, notify users, confirm that notices were read, keep records, and publish reports.
  • Government may incur costs to develop and administer the rules and to investigate and prosecute violations, but no estimate is provided.
  • The bill creates a potential fine revenue stream (up to $1,000,000 per offence), but amounts and frequency are unknown.

Proponents' View#

  • The bill appears intended to reduce online scams by making platforms responsible for prevention, quick removal, and user warnings.
  • Requiring warnings to users who engaged with fraudulent content could help people avoid losses or take steps (for example, cancel a payment or change passwords).
  • Public reporting on removals could increase transparency and accountability for large platforms.
  • Higher sentencing seriousness when victims are vulnerable could better protect seniors and others at higher risk.
  • The due diligence defence could encourage operators to take reasonable measures without making them liable for every fraud that appears.

Opponents' View#

  • The bill does not define “fraudulent content” or say who officially “identifies” content as fraudulent. It is unclear whether this means the platform’s own determination, a court, police, or another body. This could lead to uneven or overbroad removals.
  • The duty to “ensure that the user has read the notification” may be hard to guarantee and could require intrusive tracking or disruptive prompts. The bill does not explain how this must be done.
  • Record‑keeping and reporting requirements lack detail (what must be kept, for how long, and what goes in public reports are left to future rules). This may raise privacy and data‑retention concerns.
  • Smaller or niche platforms, including online game services, may face significant costs to build detection, notification, and reporting systems.
  • To avoid fines, platforms might remove borderline content more aggressively, which could take down some lawful posts. The bill does not spell out safeguards against over‑removal.
  • The bill does not name a specific regulator, complaint process, or timelines for action, and it is unclear how Canada would enforce these rules on platforms based outside Canada.