For freedom and solidarity online

Make your website legally compliant with Quebec's Bill 25


Since September 22, 2023, Quebec-based organizations must apply certain measures to their website in order to comply with Bill 25.

Measures related to Bill 25

A fact sheet prepared by the Commission d'accès à l'information (in French) summarizes these measures. Among those that may affect your web site is the addition of a person responsible for the protection of personal information:

  • Designate a person responsible for the protection of personal information and publish the title and contact details of the person responsible on the company's website or, if it does not have a site, make them available by any other appropriate means.

NOTE: It is not essential to identify this person by name: they can be designated by title (e.g. "Privacy and Confidentiality Officer"), and their contact information can be an appropriate e-mail address (e.g. privacy@yourdomain.com).

In addition, having a privacy policy on the website is now required, as well as a system that allow visitors to know what data is being collected (notably with the use of cookies), and to give or withdraw their consent. These include:

  • Having established policies and practices governing the management of personal information, and publishing detailed information about them in simple, clear terms on the company's website or, if it doesn't have a site, by any other appropriate means;

  • Respect the new rules governing consent to the collection, communication or use of personal information;

  • Destroy personal information once the purpose for which it was collected has been fulfilled, or anonymize it to use it for serious and legitimate purposes, subject to the conditions and retention period stipulated by law;

  • Respect the right to cease dissemination, to reindex, or to de-index (or the right to be forgotten);

Privacy policy

To prepare your privacy policy, if your website uses WordPress as its content management system, there is a tool in Settings > Privacy that allows you to create a basic policy template, which you can then complete with your own details. You may also wish to consult the following references:

When drafting the privacy policy, in addition to the information collected from your website, you should also keep in mind the use of services from other providers, which also record information and have their own privacy policies, for example:

  • Social networks
  • Newsletter services
  • Payment gateway(s)
  • Forms set up on other services (Google Drive, OneDrive, etc.)

Cookie approval

To set up a floating banner on your website that will allow people to view cookies, there are several free options, both for WordPress and for Drupal. Here are a few examples:

  • WordPress
  • Drupal
    • EU Cookie Compliance (GDPR Compliance)](https://www.drupal.org/project/eu_cookie_compliance)
    • COOKiES Consent Management](https://www.drupal.org/project/cookies)

In systems that allow you to specifically control which cookies to keep, you'll need to identify and configure each file separately. This tutorial can show you how to identify cookies. In general, cookies are associated with the following scenarios:

  • Using a tool to collect statistical data on website visits (Matomo, Google Analytics);
    • Cookies are used to measure repeated visits from the same device.
  • Using an online store and payment gateway(s);
    • Cookies are used for security purposes (fraud prevention, for example).
  • Using a multilingual system;
    • Often, a cookie records the user's language preference.
  • Using a member-only area/intranet, implementing communication tools (comments, message boards, etc.);
    • Cookies are used to save your preferences.
  • Integrating social networking features (e.g. displaying a feed from your Facebook page);
    • Social networks may use cookies for their own purposes.

If you need support to ensure that your privacy policy reflects the way your website works, or to set up a cookie approval banner, you can use our services by filling the quote request form.

Other references

  • Aide-mémoire: Barreau du Québec (in French)](https://www.barreau.qc.ca/media/deknztxe/aide-memoire-loi-25.pdf)
  • MNP: Québec’s Law 25: Is your organization prepared?](https://www.mnp.ca/en/insights/directory/quebecs-law-25-is-your-organization-prepared)

Call us

☏ +1 514 907 9494
Lun: 10h à 12h et 13h à 16h
Mar: 10h à 12h
Mer: 10h à 12h et 13h à 16h
Jeu: 10h à 12h
Mon: 10am to 12pm and 1pm to 4pm
Tue: 10am to 12pm
Wed: 10am to 12pm and 1pm to 4pm
Thu: 10am to 12pm

Come and See Us!

1883, rue Atateken,
Montréal (Québec) H2L 3L7, Canada
Veuillez noter que nos bureaux n'ont pas de stationnement attitré.
1883 Atateken Street,
Montreal, Quebec, H2L 3L7, Canada
Please note that you'll need to find on-street parking.

Write to Us

Informations générales

Support technique

Pour une demande de devis, voir le formulaire à la page contact.

Nos clefs PGP

Politique de confidentialité

General inquiries

Technical support

For a free estimate, see the form on our contact page.

Our PGP keys

Privacy Policy

Follow Us