Canadian internet service providers (ISPs) collect two broad types of data: (1) customer/account data needed to set up and bill your service, and (2) technical/network data generated when your connection runs across their infrastructure. What differs most between providers is how much they also collect for analytics, marketing, fraud prevention, and “service improvement.”
National providers: Rogers, Bell, TELUS
Across the “big three,” their published privacy materials describe collecting:
- Identity & account setup data: name, address, email/phone, account credentials or verification details, and billing/payment information. www.bell.ca+2Rogers+2
- Credit/eligibility information (when applicable): Rogers explicitly describes collecting credit-related information (including information obtained from credit bureaus). Rogers
- Network/technical data: information about how you use their networks/services (often described as “technical information” or “network use information”). Rogers states this is collected “to enable your communications services.” Rogers
- Usage and device-level signals: TELUS notes collecting information about how services/apps used on devices on your account contribute to data usage (useful for billing and usage visibility). TELUS
- Web/app interaction data (where you use their sites/apps): Bell states collection can occur when you browse online and also notes information may come from third parties (e.g., credit reporting agencies). www.bell.ca
Smaller and regional ISPs
Regional providers describe very similar categories, typically with narrower scope depending on what services they offer:
- Cogeco: says it usually collects contact details (name/address/phone/email), account/payment info, plus information about your use of products/services and certain technical information about equipment/devices. Cogeco
- Eastlink (Canada): describes collecting customer details (name/address/phone), credit information, billing/payment records, and information about service subscriptions and usage. Eastlink
- SaskTel: a detailed policy (PDF) lists items that may include identifiers like IP addresses and device identification information, along with service usage and billing/transaction details. SaskTel
- Vidéotron: publishes privacy information indicating collection for service delivery and also for studying visitor behaviours/preferences on its websites (site analytics/product improvement). Vidéotron
What’s “mandated by law” vs what ISPs “choose to” collect
In practice, law and regulators don’t publish a single checklist of “ISPs must collect X.” Instead, ISPs generally must comply with privacy rules that require consent, purpose limits, and data minimization—i.e., they should not require consent for information beyond what’s needed for legitimate, specified purposes. Department of Justice Canada
So, commonly necessary/expected collection (to deliver the service) includes: customer identity/contact info, billing/payment records, and enough technical/network data to provision, secure, troubleshoot, and account for service usage. Providers’ policies describe this kind of collection as part of enabling communications services and providing home internet services. Rogers+2TELUS+2
More “optional/choice-based” collection is usually described as: marketing personalization, website/app analytics, and broader business improvement (often tied to cookies, online interactions, and cross-service offerings). Videotron and Bell, for example, describe website behaviour/online browsing contexts in their privacy materials. Vidéotron+1
Your right to ask: access requests under PIPEDA
Under PIPEDA, individuals can request access to the personal information an organization holds about them, and organizations subject to PIPEDA are responsible for responding in accordance with the Act. Office of the Privacy Commissioner+1
If you want, I can draft a simple, copy-paste request email you can send to any Canadian ISP (and a short checklist of what to ask for).
