Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

Québec’s new privacy bill: a comparison of Bill 64, PIPEDA and the GDPR

By Chantal Bernier, Kirsten Thompson, and Olivia D'Souza
July 9, 2020
  • Canada
  • New and Proposed Laws
Share on Facebook Share on Twitter Share via email Share on LinkedIn

On June 12, 2020, the Québec government proposed a significant overhaul of its current privacy laws through the introduction of the highly anticipated Bill 64, An Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (“Bill”). The stated objective of the changes, once passed, is to modernize the protection of personal information and to ensure both the public and private sectors are meeting the obligations that they have to protect the personal information they possess.

Should the Bill pass, both public and private organizations across Québec would see major reforms and significantly increased obligations as to how they hold and protect their customers’ personal data.

The key changes are:

  • Privacy by design obligations for the default settings for companies’ technology  products;
  • More onerous consent requirements;
  • New rights for individuals: data portability, the right to be forgotten and the right to object to automated processing of their personal information;
  • The requirement to appoint a Chief Privacy Officer and establish governance policies and practices;
  • Mandatory breach reporting and notification;
  • Significant penalties could be imposed by the Commission d’accès à l’information (CAI) of up to CA$50,000.00 for individuals, CA$10 million or 2% of worldwide turnover, whichever is greater, and penal sanctions of up to CA$25 million or 4% of worldwide turnover for organizations;
  • A private right of action (in other words, statutory damages resulting from the unlawful infringement of a right under the Québec privacy acts); and
  • The introduction of a “business transaction” exception from consent  that would allow personal information to be disclosed without consent in the course of a business transaction.

In many ways, this proposed reform brings Québec’s privacy laws in line with in the European Union’s General Data Protection Regulation (GDPR). The proposed changes are also conceptually similar to those anticipated as part of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) modernization.

For a full description of Bill 64, read the full article here.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Chantal Bernier

About Chantal Bernier

Chantal Bernier leads Dentons’ Canadian Privacy and Cybersecurity practice group. She is also a member of the Firm’s Government Affairs and Public Policy group. Chantal advises leading-edge national and international companies as they expand into Canada and Europe, enter the e-commerce space, adopt data analytics and roll out data-based market initiatives. Her clients include ad tech companies, financial institutions, biotech companies, data analytics firms and government institutions.

All posts Full bio

Kirsten Thompson

About Kirsten Thompson

Kirsten Thompson is a partner in our Corporate group in Toronto and is the national lead of the Transformative Technologies and Data Strategy group. She is also a key member of the Privacy and Cybersecurity group. She has both an advisory and advocacy practice, and provides privacy, data security and data management advice to clients in a wide variety of industries.

All posts Full bio

Olivia D'Souza

Olivia D'Souza

RELATED POSTS

  • Consumer Protection
  • Data Breach
  • Employee Privacy
  • Enforcement
  • Health Information Privacy
  • New and Proposed Laws
  • Privacy Rights
  • United States

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

By Peter Stockburger
  • Canada
  • Privacy Rights
  • United States

The Fake Facebook Profile and the Veiled Victim

The Supreme Court of Canada determined yesterday, in A.B. v. Bragg Communications, that a 15-year old can proceed anonymously to pursue […]

By Margot Patterson
  • Canada
  • Enforcement
  • New and Proposed Laws
  • Privacy Rights

Canada’s Privacy Commissioner Pursues a Stronger Consent Framework and More Proactive Enforcement

By Privacy and Cybersecurity Group

About Dentons

Across over 80 countries, Dentons helps you grow, protect, operate and finance your organization by providing uniquely global and deeply local legal solutions. Polycentric, purpose-driven and committed to inclusion, diversity, equity and sustainability, we focus on what matters most to you. www.dentons.com

Grow, Protect, Operate, Finance. Dentons, the law firm of the future is here. Copyright 2023 Dentons. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. Please see dentons.com for Legal notices.

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo in black and white

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site