On June 12, 2020, the Québec government proposed a significant overhaul of its current privacy laws through the introduction of the highly anticipated Bill 64, An Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (“Bill”). The stated objective of the changes, once passed, is to modernize the protection of personal information and to ensure both the public and private sectors are meeting the obligations that they have to protect the personal information they possess.

Should the Bill pass, both public and private organizations across Québec would see major reforms and significantly increased obligations as to how they hold and protect their customers’ personal data.

The key changes are:

  • Privacy by design obligations for the default settings for companies’ technology  products;
  • More onerous consent requirements;
  • New rights for individuals: data portability, the right to be forgotten and the right to object to automated processing of their personal information;
  • The requirement to appoint a Chief Privacy Officer and establish governance policies and practices;
  • Mandatory breach reporting and notification;
  • Significant penalties could be imposed by the Commission d’accès à l’information (CAI) of up to CA$50,000.00 for individuals, CA$10 million or 2% of worldwide turnover, whichever is greater, and penal sanctions of up to CA$25 million or 4% of worldwide turnover for organizations;
  • A private right of action (in other words, statutory damages resulting from the unlawful infringement of a right under the Québec privacy acts); and
  • The introduction of a “business transaction” exception from consent  that would allow personal information to be disclosed without consent in the course of a business transaction.

In many ways, this proposed reform brings Québec’s privacy laws in line with in the European Union’s General Data Protection Regulation (GDPR). The proposed changes are also conceptually similar to those anticipated as part of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) modernization.

For a full description of Bill 64, read the full article here.

Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Chantal Bernier

About Chantal Bernier

Chantal Bernier leads Dentons’ Canadian Privacy and Cybersecurity practice group. She is also a member of the Firm’s Government Affairs and Public Policy group. Chantal advises leading-edge national and international companies as they expand into Canada and Europe, enter the e-commerce space, adopt data analytics and roll out data-based market initiatives. Her clients include ad tech companies, financial institutions, biotech companies, data analytics firms and government institutions.

Full bio

Kirsten Thompson

About Kirsten Thompson

Kirsten Thompson is a partner in our Corporate group in Toronto and is the national lead of the Transformative Technologies and Data Strategy group. She is also a key member of the Privacy and Cybersecurity group. She has both an advisory and advocacy practice, and provides privacy, data security and data management advice to clients in a wide variety of industries.

Full bio

Olivia D'Souza

Olivia D'Souza

RELATED POSTS