Québec’s new privacy bill: a comparison of Bill 64, PIPEDA and the GDPR

On June 12, 2020, the Québec government proposed a significant overhaul of its current privacy laws through the introduction of the highly anticipated Bill 64, An Act to Modernize Legislative Provisions Respecting the Protection of Personal Information (“Bill”). The stated objective of the changes, once passed, is to modernize the protection of personal information and to ensure both the public and private sectors are meeting the obligations that they have to protect the personal information they possess.

Should the Bill pass, both public and private organizations across Québec would see major reforms and significantly increased obligations as to how they hold and protect their customers’ personal data.

The key changes are:

  • Privacy by design obligations for the default settings for companies’ technology  products;
  • More onerous consent requirements;
  • New rights for individuals: data portability, the right to be forgotten and the right to object to automated processing of their personal information;
  • The requirement to appoint a Chief Privacy Officer and establish governance policies and practices;
  • Mandatory breach reporting and notification;
  • Significant penalties could be imposed by the Commission d’accès à l’information (CAI) of up to CA$50,000.00 for individuals, CA$10 million or 2% of worldwide turnover, whichever is greater, and penal sanctions of up to CA$25 million or 4% of worldwide turnover for organizations;
  • A private right of action (in other words, statutory damages resulting from the unlawful infringement of a right under the Québec privacy acts); and
  • The introduction of a “business transaction” exception from consent  that would allow personal information to be disclosed without consent in the course of a business transaction.

In many ways, this proposed reform brings Québec’s privacy laws in line with in the European Union’s General Data Protection Regulation (GDPR). The proposed changes are also conceptually similar to those anticipated as part of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) modernization.

For a full description of Bill 64, read the full article here.

Subscribe and stay updated
Receive our latest blog posts by email.

Juniper Networks Releases Security Updates for Multiple Products

Original release date: July 9, 2020

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.