Privacy-proof your website for Quebec Law 25 compliance

Automate consent management and align your business with Law 25's new compliance obligations with the most trusted cookie consent solution.

Become Quebec Law 25 Compliant

14-day free trialCancel anytime

Privacy-proof your website for Quebec Law 25 compliance

The #1 cookie consent solution, trusted by 1.5 Million+ websites

Decathlon
KFC
Dominos
Heineken
Forbes
Toyota
Renault

Check your Quebec Law 25 Compliance

CookieYes will scan your website and keep you informed on the personal data your website collects through cookies.

Cookie Scanner

Quebec Law 25, is a legislative act that aims to transform the rules governing the collection, use, and disclosure of personal data in Quebec, Canada. It was adopted into law in September 2021 and has a three-year roll-out period starting in 2022, with the second phase coming into effect on September 22, 2023.

Law 25 was enacted in September 2021 with provisions rolling out in three phases — September 2022, September 2023, and September 2024, when all provisions are fully in effect.

Quebec Law 25 Checklist for Websites

  • Conduct a Privacy Impact Assessment
  • Obtain user consent for cookies
  • Allow users to easily withdraw consent
  • Include a clear and up-to-date privacy policy
  • Implement privacy by default
  • Notify data breach to regulatory authority and users

Comply with Quebec Law 25 using CookieYes

Display cookie consent banner for visitors

Law 25 requires businesses to obtain consent prior to the collection, use, or disclosure of personal information (including data collected through cookies).

With CookieYes you can

  • Scan your website against a 100,000+ cookie database
  • Display a custom cookie banner to get opt-in consent
  • Show a consent revisit widget for users to withdraw consent
Display cookie consent banner for visitors

Automate consent management

Ensure up-to-date and ongoing compliance with Law 25's requirements for consent by automating your consent management.

With CookieYes you can

  • Auto-block all third-party cookies before user consent
  • Schedule cookie scanning for continuous compliance
  • Document consent logs for regulatory audits
Automate consent management

Generate a compliant privacy policy

Under Quebec Law 25, businesses should demonstrate transparency and inform how they collect, use, or disclose users' personal information.

With CookieYes you can

  • Use our pre-built, legally compliant policy templates
  • Generate your privacy policy and cookie policy in minutes
  • Simply copy-paste the legal policies to your website
Generate a compliant privacy policy

Achieve regulatory compliance with ease with our no-code cookie consent solution

14-day free trial
Cancel anytime

Learn more about Quebec Law 25 and take the next step towards compliance

What is Quebec Law 25?

What is Quebec Law 25?

Quebec Law 25 is a privacy legislation that governs the protection of personal information in Quebec. Officially known as 'The Act to modernize legislative provisions as regards the protection of personal information', it updates the existing framework, enhancing the data protection rights of individuals and introducing new obligations for both public and private entities in the province. Introduced as Bill 64, Law 25 was adopted in September 2021, with provisions coming into effect in three phases – in September 2022, September 2023 and September 2024.

Who does Quebec Law 25 apply to?

Who does Quebec Law 25 apply to?

Quebec's Law 25 applies to persons who collect, store, use or share personal information for an economic activity, commercial or non-commercial. It pertains to any organization, including government bodies and non-profit organizations that conducts commercial activities catering to Quebec residents. Law 25 applies to an organization based in Quebec as well as to organizations located outside the province.

What are consumer rights in Quebec Law 25?

What are consumer rights in Quebec Law 25?

Right to be informed

Right to be informed

The right to be informed what information is collected, how it's used, and the reasons for processing, except in specific circumstances where consent isn't required.

Right to access

Right to access

Individuals have the right to access their personal information held by organizations, subject to legal requirements and time limits.

What is the penalty for non-compliance?

What is the penalty for non-compliance?

Under Law 25, the Quebec Commission on Access to Information (CAI) can impose administrative fines for non-compliance. Private-sector organizations may face administrative fines up to $10 million CAD, or an amount equivalent to 2% of their global turnover for the previous fiscal year, whichever is higher. Individuals can be subject to fines of up to $50,000 CAD.

The CAI may institute criminal proceedings for more serious breaches of the law. The fines for penal offences can go between CAD 15,000 to CAD 25 million, or 4% of an entity's worldwide turnover from the preceding fiscal year, whichever is greater. Repeat violations can result in doubled fines.

FAQ on Quebec Law 25

Quebec's Law 25, officially known as 'An Act to modernize legislative provisions as regards the protection of personal information,' is the new Quebec privacy law. It governs the handling of personal information in Quebec. It introduces a set of new requirements for businesses operating in the province, including new obligations to safeguard the personal data of residents, the appointment of Privacy Officers, the establishment of a private right to take legal action, and the conduct of privacy impact assessments (PIAs).

Fast-track your Quebec Law 25 compliance in minutes

Set up a cookie consent banner in 3 simple steps and automate your compliance.

14-day free trial
Cancel anytime