Skip to content.

Law 25 Blog Series from McCarthy Tétrault’s Cyber/Data Group

This article is part of our Law 25 Blog Series, which will provide readers with a 360° view on Law 25 (formerly known as Bill 64) and its sweeping amendments to Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (the “Private Sector Act”). To view other blog posts in the series, scroll down to the bottom of this article. This page will be updated regularly with the latest posts.

The passage of Law 25 (formerly known as Bill 64) (the Act to Modernize Legislative Provisions respecting the Protection of Personal Information) will overhaul Québec’s privacy regime and have major consequences for companies doing business in the province or that handle the personal information of Québec residents. Aimed at promoting transparency and enhancing data privacy, the significant changes to the existing Private Sector Act include more stringent obligations for businesses, greater accountability and tougher penalties for non-compliance.

So what does this mean for your business? Ensuring compliance requires careful planning and a thorough understanding of this uniquely “made in Québec” approach to privacy protection. McCarthy Tétrault’s Law 25 Blog Series gives you valuable insights on how the latest developments will impact your business so you can stay compliant and capitalize on opportunities in the evolving privacy and data landscape in Québec. Featuring posts from our multidisciplinary Cyber/Data experts, the series will cover key topics including consent, enforcement issues under Bill 64, automated decision-making, information governance requirements and much more.

McCarthy Tétrault’s Cyber/Data Group has immense regional and national experience in privacy, data protection and cybersecurity and a track record in advising key sectors on critical issues in novel and complex areas of law. Our team can help you navigate the privacy and data landscape so you can leverage the value of data, develop responsible AI practices, protect your organization’s assets and cement customers’ and clients’ digital trust.

Subscribe to our TechLex blog to receive the latest posts in the series.

Quebec Law 25 Update - Latest Obligations Effective September 2023

Quebec Law 25 Update - Latest Obligations Effective September 2023

Today, the majority of Quebec’s Law 25 privacy reform enters into force, elevating Quebec’s privacy regime to a standard that resembles the GDPR and other new-age regimes. If your organization does business in Quebec and processes the personal information of Quebecers, it is crucial that you take meaningful steps to comply with the new obligations, as the fines for non-compliance could be significant.

 

Read more

Sweeping privacy reform comes into force in Quebec

Sweeping privacy reform comes into force in Quebec

As of September 22, 2023, organizations operating in Quebec or handling the personal information (“PI”) of Quebec residents are now subject to a host of new obligations. Compliance with these sweeping amendments brought by Act to modernize legislative provisions respecting the protection of personal information (“Law 25”) to the Private Sector Act require a deliberate and well-documented overhaul of policies, procedures and practices relating to how affected organizations handle Quebec PI.

 

Read more

Quebec’s Law 25 and Cookies: Not So Cookie Cutter

Quebec’s Law 25 and Cookies: Not So Cookie Cutter

If you’ve recently visited a new website on your phone or computer, chances are you received a notification informing you that the page uses cookies and you need to decide whether to accept, reject, or manage cookies before you can access the page. Cookies are small text files that websites send to your device to remember certain information about you, such as what you put in your shopping cart, what your shopping preferences are, when you last visited the site, how long you were on the site, or your login information.

 

Read more

The Quebec Privacy Regulator’s Guide on Law 25-compliant Privacy Impact Assessments

The Quebec Privacy Regulator’s Guide on Law 25-compliant Privacy Impact Assessments

On September 22, 2023, Quebec’s privacy regulator, the Commission d’accès à l’information du Québec (“CAI”), released its long-awaited guide (available in French only) on conducting privacy impact assessments (“PIAs”) as required by Law 25. The guide provides a roadmap for conducting PIAs and establishes a methodology for quantifying and addressing privacy risks. Alongside the guide, the CAI published a PIA template, which serves as a model that can be used by organizations to complete Law 25 compliant PIAs. The CAI states that using the PIA template is not mandatory and recommends adapting it to the context and scope of the assessment at hand.

 

Read more

Quebec’s Draft Regulation on Anonymization of Personal Information

Quebec’s Draft Regulation on Anonymization of Personal Information

On December 20, 2023, the draft regulation for the anonymization of personal information (the “Draft Regulation”) was published in the Gazette officielle du Québec. The Draft Regulation provides organizations with details regarding the requirements that must be respected to lawfully anonymize personal information (“PI”). This article provides an overview of the anonymization framework set out in the Act and then unpacks the new Draft Regulation.

 

Read more

Bill 64 Blog Series and Related Insights:

To learn more about how our Cyber/Data Group can help you navigate the privacy and data landscape, please contact national co-leaders Charles Morgan and Daniel Glover.

Authors

Subscribe

Stay Connected

Get the latest posts from this blog

Please enter a valid email address