Law 25 Blog Series from McCarthy Tétrault’s Cyber/Data Group
This article is part of our Law 25 Blog Series, which will provide readers with a 360° view on Law 25 (formerly known as Bill 64) and its sweeping amendments to Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (the “Private Sector Act”). To view other blog posts in the series, scroll down to the bottom of this article. This page will be updated regularly with the latest posts.
The passage of Law 25 (formerly known as Bill 64) (the Act to Modernize Legislative Provisions respecting the Protection of Personal Information) will overhaul Québec’s privacy regime and have major consequences for companies doing business in the province or that handle the personal information of Québec residents. Aimed at promoting transparency and enhancing data privacy, the significant changes to the existing Private Sector Act include more stringent obligations for businesses, greater accountability and tougher penalties for non-compliance.
So what does this mean for your business? Ensuring compliance requires careful planning and a thorough understanding of this uniquely “made in Québec” approach to privacy protection. McCarthy Tétrault’s Law 25 Blog Series gives you valuable insights on how the latest developments will impact your business so you can stay compliant and capitalize on opportunities in the evolving privacy and data landscape in Québec. Featuring posts from our multidisciplinary Cyber/Data experts, the series will cover key topics including consent, enforcement issues under Bill 64, automated decision-making, information governance requirements and much more.
McCarthy Tétrault’s Cyber/Data Group has immense regional and national experience in privacy, data protection and cybersecurity and a track record in advising key sectors on critical issues in novel and complex areas of law. Our team can help you navigate the privacy and data landscape so you can leverage the value of data, develop responsible AI practices, protect your organization’s assets and cement customers’ and clients’ digital trust.
Subscribe to our TechLex blog to receive the latest posts in the series.

Quebec Law 25 Update - Latest Obligations Effective September 2023
Today, the majority of Quebec’s Law 25 privacy reform enters into force, elevating Quebec’s privacy regime to a standard that resembles the GDPR and other new-age regimes. If your organization does business in Quebec and processes the personal information of Quebecers, it is crucial that you take meaningful steps to comply with the new obligations, as the fines for non-compliance could be significant.
Bill 64 Blog Series and Related Insights:
- Committee review completed for Bill 64: A step closer to a major reform of Quebec's personal information protection regime
- Bill 64 Committee Report Adopted by Québec National Assembly
- Bill 64 Receives Royal Assent: Major Québec Privacy Reform Bill Becomes Law
- Quebec’s Bill 64 Introduces Unique Cyber Incident Reporting Obligations
- Quebec’s Bill 64 Introduces New Operational Requirements for Cross-Border Transfers of Personal Information
- Quebec’s Bill 64 Introduces New Transparency and Consent Standards
- A Workspace by the CAI to assist with Bill 64 Compliance
- Quebec’s Bill 64 Introduces New Governance Obligations for Businesses Processing Personal Information
- Quebec’s Bill 64 Introduces New Contractual Requirements for Transfers of Data
- Bill 64 exposes businesses to significant new monetary penalties and gives increased powers to the Commission de l’accès à l’information
- Getting ready for Quebec’s Bill 64 privacy law impacts on outsourcing
- Quebec’s Draft Bill 64 Regulation On Confidentiality Incident Reporting and Record-Keeping Obligations
- Quebec Privacy Commissioner Releases Draft Guidelines on Valid Consent and Launches Public Consultation
- Key Operational Considerations Ahead of Major Law 25 Entry Into Force Phase
- Now this May Hurt: The CAI's General Framework on Monetary Administrative Penalties
To learn more about how our Cyber/Data Group can help you navigate the privacy and data landscape, please contact national co-leaders Charles Morgan and Daniel Glover.