Newsletters

178

The Right to Data Portability in Quebec: What Organizations Need to Know

  1. As of September 22, 2024, the last chapter of a significant shift in data privacy will unfold in Quebec. The right to data portability takes effect under the newly amended Quebec Act respecting the protection of personal information in the private sector (“Quebec Act”). This represents a major development in privacy legislation, aligning closely with the European General Data Protection Regulation (GDPR). Section 27 of the Act establishes the right to data portability.

1. This is What You Need to Know:

1.1. What is the Right to Data Portability?

  1. Access and control. The right to data portability is an extension of the right to access. It allows individuals to obtain their personal information from an organization and transfer it to another. This right aims to empower individuals by giving them greater control over their personal information and enhancing competition by simplifying the switch between service providers.

1.2. Key Features of the Quebec Act

  1. Scope of the data portability right. The right pertains to computerized personal information collected from the individual. This excludes information that was created or inferred by the organization, to protect commercial interest of businesses. Further, the right to data portability does not apply to information otherwise exempted by the right of access, like information that would reveal personal information from a third party.
  2. Transfer. Computerized personal information collected from an individual is, at their request, communicated to them or to any person or organization authorized by law to collect such information, at the applicant’s request.
  3. Format. Organizations must provide the data in a structured, commonly used and technological format. Following the European example[1], “a structured, commonly used and technological format” should be understood as the means to comply with minimal requirements facilitating interoperability of the data format provided.
  4. Fees. The Quebec Act does not explicitly prohibit charging fees, contrary to the GDPR.
  5. Destruction. An individual’s exercise of the right to portability does not entail the destruction of the information transferred, which must be kept by organizations to meet their legal or contractual obligations.

2. This is What You Need to Do

2.1. Practical Implications for Organizations

  1. As organizations prepare to comply with the new requirements under the Quebec Act, several issues remain outstanding. Further guidance will be required to fully grasp compliance requirements in Quebec. Yet, the following steps are to be considered.
  2. Update policies. Ensure your privacy policies clearly inform individuals of their right to data portability and how they can exercise it.
  3. Train and raise awareness. Train employees on the new obligations and how to handle requests under the Act. Ensure that your processes are designed to handle these requests efficiently and in compliance with the new regulations.
  4. Implement transfer mechanisms. Develop processes and tools for secure and efficient transfers of information. This might include adopting interoperable formats or utilizing secure messaging systems.
  5. Consider technological solutions. Explore tools and technologies that can facilitate data portability, such as data transfer APIs (Application Programming Interfaces), developing or enabling personal data access points or other personal data management systems.

[1]Guidelines on the right to data portability of the Article 29 Working Party, predecessor of the European Data Protection Board (https://ec.europa.eu/newsroom/article29/items/611233/en)

 

178

Authors

Pierre E. Moreau

Lawyer, Partner

Tomas Vazquez

Lawyer, Associate

Articles in the same category

Estate Planning: Don’t Overlook Your Safe Deposit Box

Whether you have an estate plan in place or are in the process of estate planning or you have procrastinated about estate planning, you may wish to consider the pros and cons of a safe deposit box (also commonly called a safety deposit box) in your estate plan. At one time, safe deposit boxes were […]

The Duty to Inform in a Commercial Transaction

“The [person drafting] the documents for a transaction has a duty to inform the co-contracting parties of any changes he makes to these documents.’’ [1] – this is how the Honourable Ian Demers, J.C.S., began his judgment dated April 23, 2024, in Maçons Patrimoniaux Inc. v. Aliston Investissement Inc., 2024 QCCS 1447. In this case, […]

Medical Certificates and Bill C-68: What Are the Consequences for Employers?

Scope of Application and Entry into Force The Act mainly to reduce the administrative burden of physicians (“Bill 29”) was passed on October 8, 2024. These provisions amend the Act respecting labour standards (the “ALS”) and will come into force on January 1, 2025. These new prohibitions also apply to employees governed by the Act […]

A Heritage Building, Arson and Deadly Fire: Was the 15 Day Notice to the City Required?

Facts On March 16, 2023, a fatal fire destroyed a heritage building in Old Montréal owned by Plaintiff Mr. Émile Benamor. It is alleged that the fire was caused by a third party and was of a criminal nature. The plaintiff brought an action against the City of Montréal claiming $7 575 000, for the […]

The Reckitt Case: A “Corrosive” Court of Appeal Ruling Against Manufacturers

Our readers will recall a first-instance judgment rendered in February 2023 by Justice Alain Michaud, commented on by Ariane Vanasse of RSS, available on our website. This judgment was appealed by Reckitt, the manufacturer of Lysol Advance. In its recent decision, the Court of Appeal discusses the manufacturer’s duty to inform, re-examining earlier key decisions. […]

“Anti-Scab” Bill: What C-58 Means for Your Business, Part 1

General remarks Coming into force. On June 20, 2024, Bill C-58, An Act to amend the Canada Labour Code and the Canada Industrial Relations Board Regulations, 2012 (Bill C-58) received Royal Assent. Bill C-58 will come into force on June 20, 2025. Prohibition. Bill C-58 prohibits employers from using, during a legal strike or lockout intended […]