Formally known as Bill 24, Québec Law 25 is Québec’s strict new and enhanced privacy legislation that came into effect in September 2022. It is overseen by La Commission d’accès à l’information du Québec and represents a significant overhaul of the province’s approach to the protection of personal information.
QUEBEC LAW 25
Québec Law 25: the essentials
What exactly is Québec Law 25?
The goal of the new legislation is to improve the privacy rights of the people of Québec and ensure that any organization that handles an individual’s personal information (information that can identify an individual either directly or indirectly), is obliged to do so responsibly, securely and transparently. As such, it’s much stricter than Canada’s Federal Personal Information and Electronics Documents Act (PIPEDA) and is more closely aligned with Europe’s General Data Protection Regulation (GDPR).
Who is affected?
Québec Law 25 impacts all Québec-based organizations that handle the personal information of individuals living in Québec, whether the organization is based within the province or not. This also applies to foreign companies, even those engaged in simple e-commerce and online shopping transactions.
September 22, 2024 marks the end of a 3−year transition period. So as of now, all businesses must be
fully compliant with Québec Law 25.
What’s changed?
Here’s a quick guide to the key changes in the law you need to be aware of.
Sign-up to our Newsletter
Sign up to our newsletter to keep up to date with all our latest news and insights.