Québec’s updated privacy law raises the bar for businesses operating in Canada’s second-most populous province, imposing additional compliance obligations on companies already contending with U.S., European, and Asian privacy regimes.
The law brings Québec more in line with Europe’s General Data Protection Regulation, but nuances mean businesses must act precisely or face hefty regulatory penalties and consumer-led litigation through the law’s private right of action.
Bill 64, which received royal assent in September, requires companies to conduct privacy impact assessments for the transfer of personal information outside of Québec and appoint designated privacy officers. Most of the law’s provisions take ...