Privacy-proof your website for Quebec Law 25 compliance
Automate consent management and align your business with Law 25's new compliance obligations with the most trusted cookie consent solution.
The #1 cookie consent solution, trusted by 1.5 Million+ websites
Check your Quebec Law 25 Compliance
CookieYes will scan your website and keep you informed on the personal data your website collects through cookies.
Quebec Law 25, is a legislative act that aims to transform the rules governing the collection, use, and disclosure of personal data in Quebec, Canada. It was adopted into law in September 2021 and has a three-year roll-out period starting in 2022, with the second phase coming into effect on September 22, 2023.
Law 25 was enacted in September 2021 with provisions rolling out in three phases — September 2022, September 2023, and September 2024, when all provisions are fully in effect.
Quebec Law 25 Checklist for Websites
- Conduct a Privacy Impact Assessment
- Obtain user consent for cookies
- Allow users to easily withdraw consent
- Include a clear and up-to-date privacy policy
- Implement privacy by default
- Notify data breach to regulatory authority and users
Comply with Quebec Law 25 using CookieYes
Display cookie consent banner for visitors
Law 25 requires businesses to obtain consent prior to the collection, use, or disclosure of personal information (including data collected through cookies).
With CookieYes you can
- Scan your website against a 100,000+ cookie database
- Display a custom cookie banner to get opt-in consent
- Show a consent revisit widget for users to withdraw consent
Automate consent management
Ensure up-to-date and ongoing compliance with Law 25's requirements for consent by automating your consent management.
With CookieYes you can
- Auto-block all third-party cookies before user consent
- Schedule cookie scanning for continuous compliance
- Document consent logs for regulatory audits
Generate a compliant privacy policy
Under Quebec Law 25, businesses should demonstrate transparency and inform how they collect, use, or disclose users' personal information.
With CookieYes you can
- Use our pre-built, legally compliant policy templates
- Generate your privacy policy and cookie policy in minutes
- Simply copy-paste the legal policies to your website
Learn more about Quebec Law 25 and take the next step towards compliance
What is Quebec Law 25?
Quebec Law 25 is a privacy legislation that governs the protection of personal information in Quebec. Officially known as 'The Act to modernize legislative provisions as regards the protection of personal information', it updates the existing framework, enhancing the data protection rights of individuals and introducing new obligations for both public and private entities in the province. Introduced as Bill 64, Law 25 was adopted in September 2021, with provisions coming into effect in three phases – in September 2022, September 2023 and September 2024.
Who does Quebec Law 25 apply to?
Quebec's Law 25 applies to persons who collect, store, use or share personal information for an economic activity, commercial or non-commercial. It pertains to any organization, including government bodies and non-profit organizations that conducts commercial activities catering to Quebec residents. Law 25 applies to an organization based in Quebec as well as to organizations located outside the province.
What are consumer rights in Quebec Law 25?
Right to be informed
The right to be informed what information is collected, how it's used, and the reasons for processing, except in specific circumstances where consent isn't required.
Right to access
Individuals have the right to access their personal information held by organizations, subject to legal requirements and time limits.
What is the penalty for non-compliance?
Under Law 25, the Quebec Commission on Access to Information (CAI) can impose administrative fines for non-compliance. Private-sector organizations may face administrative fines up to $10 million CAD, or an amount equivalent to 2% of their global turnover for the previous fiscal year, whichever is higher. Individuals can be subject to fines of up to $50,000 CAD.
The CAI may institute criminal proceedings for more serious breaches of the law. The fines for penal offences can go between CAD 15,000 to CAD 25 million, or 4% of an entity's worldwide turnover from the preceding fiscal year, whichever is greater. Repeat violations can result in doubled fines.
FAQ on Quebec Law 25
Quebec's Law 25, officially known as 'An Act to modernize legislative provisions as regards the protection of personal information,' is the new Quebec privacy law. It governs the handling of personal information in Quebec. It introduces a set of new requirements for businesses operating in the province, including new obligations to safeguard the personal data of residents, the appointment of Privacy Officers, the establishment of a private right to take legal action, and the conduct of privacy impact assessments (PIAs).
Fast-track your Quebec Law 25 compliance in minutes
Set up a cookie consent banner in 3 simple steps and automate your compliance.