Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

Québec’s new privacy bill: a comparison of Bill 64, PIPEDA and the GDPR

By Chantal Bernier, Kirsten Thompson, and Olivia D'Souza
July 9, 2020
  • Canada
  • New and Proposed Laws
Share on Facebook Share on Twitter Share via email Share on LinkedIn

On June 12, 2020, the Québec government proposed a significant overhaul of its current privacy laws through the introduction of the highly anticipated Bill 64, An Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (“Bill”). The stated objective of the changes, once passed, is to modernize the protection of personal information and to ensure both the public and private sectors are meeting the obligations that they have to protect the personal information they possess.

Should the Bill pass, both public and private organizations across Québec would see major reforms and significantly increased obligations as to how they hold and protect their customers’ personal data.

The key changes are:

  • Privacy by design obligations for the default settings for companies’ technology  products;
  • More onerous consent requirements;
  • New rights for individuals: data portability, the right to be forgotten and the right to object to automated processing of their personal information;
  • The requirement to appoint a Chief Privacy Officer and establish governance policies and practices;
  • Mandatory breach reporting and notification;
  • Significant penalties could be imposed by the Commission d’accès à l’information (CAI) of up to CA$50,000.00 for individuals, CA$10 million or 2% of worldwide turnover, whichever is greater, and penal sanctions of up to CA$25 million or 4% of worldwide turnover for organizations;
  • A private right of action (in other words, statutory damages resulting from the unlawful infringement of a right under the Québec privacy acts); and
  • The introduction of a “business transaction” exception from consent  that would allow personal information to be disclosed without consent in the course of a business transaction.

In many ways, this proposed reform brings Québec’s privacy laws in line with in the European Union’s General Data Protection Regulation (GDPR). The proposed changes are also conceptually similar to those anticipated as part of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) modernization.

For a full description of Bill 64, read the full article here.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Chantal Bernier

About Chantal Bernier

Chantal Bernier leads Dentons’ Canadian Privacy and Cybersecurity practice group. She is also a member of the Firm’s Government Affairs and Public Policy group. Chantal advises leading-edge national and international companies as they expand into Canada and Europe, enter the e-commerce space, adopt data analytics and roll out data-based market initiatives. Her clients include ad tech companies, financial institutions, biotech companies, data analytics firms and government institutions.

All posts Full bio

Kirsten Thompson

About Kirsten Thompson

Kirsten Thompson is a partner in our Corporate group in Toronto and is the national lead of the Transformative Technologies and Data Strategy group. She is also a key member of the Privacy and Cybersecurity group. She has both an advisory and advocacy practice, and provides privacy, data security and data management advice to clients in a wide variety of industries.

All posts Full bio

Olivia D'Souza

Olivia D'Souza

RELATED POSTS

  • Canada
  • Privacy Rights

Copyright v. Privacy: Voltage Pictures LLC v. John Doe and Jane Doe

The recent Federal Court of Canada decision in Voltage Pictures LLC v. John Doe and Jane Doe (2014 FC 161) has […]

By Margot Patterson
  • Canada
  • Enforcement
  • Marketing, Cookies & Spam

CRTC ENFORCEMENT ADVISORY: REMEMBER, YOU MUST HAVE RECORDS TO PROVE CONSENT

By Privacy and Cybersecurity Group
  • Canada
  • Data Breach
  • Enforcement
  • Record Retention

The Ashley Madison Breach: Canada-Australia Report of Investigation and Takeaways for all Organizations

By Privacy and Cybersecurity Group

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site