On September 21, 2021, the Act to Modernize Legislative Provisions as Regards the Protection Of Personal Information (Bill 64) obtained a majority vote in the National Assembly of Quebec 14 months after its initial introduction. The vote means that Bill 64 has been adopted and is set to become law following royal assent. Quebec’s existing privacy framework is set to be overhauled by the incoming Bill 64 and its requirements will have a wide impact on both the private and public sectors. Bill 64 will enter into effect across three years with the first set of provisions becoming effective 12 months after the date of assent.
The Three-Year Entry into Effect of Bill 64
Bill 64 will introduce many new provisions into Quebec’s existing privacy legislation across three years from the date of assent. This will give organizations time to bring their privacy programs up to speed with the new requirements and avoid the new penalties outlined by Bill 64.
Provisions entering into effect after one year:
Provisions entering into effect after two years:
Provisions entering into effect after three years:
Further to the provisions outlined above, Bill 64 will also introduce new monetary penalties of up to CAD 50,000 (approx. €33,330) for individuals. Businesses will be subject to penalties up to CAD 10,000,000 (approx. €6,667,950) or 2% of worldwide turnover for the preceding year, whichever is greater. The CAI will also have the power to launch penal proceedings with a maximum penalty of CAD 100,000 (approx. €66,660) in the case of a natural person and CAD 25,000,000 (approx. €16,667,130) or 4% of worldwide turnover for the preceding fiscal year (whichever is greater) in all other cases. In the event of a subsequent offense, the fines will be doubled. Bill 64 will also provide a private right of action for individuals who have suffered injury as a result of a violation of the rights introduced by Bill 64. The court can award damages of at least CAD 1,000 (approx. €670).
Read the news: Quebec: CAI welcomes adoption of Bill 64
The adoption of Bill 64 will pose significant challenges for private and public organizations operating in the province who will need to operationalize new processes, update and develop new policies, and account for additional data subject rights. OneTrust offers a number of solutions to help organizations bring their privacy programs up to speed with Bill 64’s new requirements including Policy & Notice Management, Privacy Rights (DSAR) Automation, and Incident Management. Request a demo to learn more.