It's true it's different by registrar, and I don't get how/why it's so different.
GD is an example where they don't provide us with the option to turn privacy on/off as we please. I actually called GD about a month ago to turn my privacy on for a couple domains, as I had moved them there a few years ago with the privacy turned off (and couldn't change it since it wasnt an option). The GD Canada rep, named "Angela", told me she would have to "escalate my request" to make it happen, and it got done in about 24 hrs or less.
I took the opportunity to explain to her how it's very strange that a company like GD, with all the bulk tools, bells, whistles etc, didn't provide this option but smaller companies (that don't even provide half the options as GD) do provide the option. I told her GD should definitely implement the option, how we've discussed it in forums, and how it would make many Canadian GD customers happy to see this happen.
The rep agreed it didn't make sense, and that if other companies can provide this option then GD should be able too. She said that she had a "little bit of pull" at GD and that she would try to make it happen. She said I wouldn't necessarily be receiving any updates about it (nor did i ask for updates) and that if it happens it will just suddenly happen after they take the time to look into it. I felt like she was sincere but I'm not holding my breath.
As for the actual policy surrounding whois... below is an excerpt about the subject, taken directly from "CIRA Privacy Policy - Version 2.1 (March 9, 2020)".
The last two paragraphs are what I find interesting (see red font). I don't register domains as a company/organization so I can't be sure how strictly enforced this is or whether it actually works this way in reality. Does an organization really need to contact CIRA
in writing and plead their case to turn on whois privacy? Or have some registrars found a work-around which makes it simple/easy?
WHOIS Information
As part of the administration of the .CA Registry, CIRA operates an electronic look-up service called "WHOIS". WHOIS is designed to provide limited information concerning Domain Names.
WHOIS has built-in privacy protection options, which can be used to limit the personal information available through the WHOIS system. For Registrants who are individuals (e.g. as opposed to organizations), the privacy protection options are turned on by default, and only limited personal information is available to third parties when they search the WHOIS system for a Domain Name that you have registered. If you turn your privacy protection option off, more of your personal information will be available through the WHOIS system. Your privacy protections can be changed by contacting your Registrar.
When your privacy protection is turned on, the following information is visible:
Domain Name;
Domain Name status;
Creation date;
Expiry date;
Updated date;
Registrar name; and
Registrar number.
When your privacy protection is turned OFF, the following information is visible
Registrant Information includes:
Registrant name;
Mailing address, e-mail address, phone number and fax number;
Domain Name Information includes:
Domain Name;
Domain Name status;
Creation date;
Expiry date;
Updated date;
Registrar name; and
Registrar number.
Administrative Contact Information and Technical Contact Information includes:
Name;
Mailing address;
Phone;
Fax; and
E-mail.
If you are a non-individual Registrant, the information that will be made available through the WHOIS system will be the same as an individual Registrant with their privacy protection turned OFF. Non-individual Registrants may request to CIRA, in writing, that the information described above not be disclosed to the public via the WHOIS. In such a written request, the non-individual Registrant must certify that it has a legitimate need to protect the privacy of its information, which need is greater than that of other CIRA Registrants who are not individuals, because the nature of that Registrant’s operations or activities is such that disclosure of its information via the WHOIS would be likely to cause harm to individuals or to that Registrant.
CIRA retains the discretion to determine in any case whether a non-individual Registrant meets the criteria and will be permitted to opt out of standard disclosure of information in the WHOIS. If CIRA accedes to the request, the non-individual Registrant’s WHOIS information will only be disclosed thereafter in accordance with the terms for disclosure applicable to individual Registrants.