Blog

Data Portability Right Takes Effect in Quebec: What Service Providers Need to Know

September 20, 2024

Close

Written By Caroline Poirier

Effective September 22, 2024, Quebec's data portability right will come into force, marking the final phase of the implementation of the amendments to the Act respecting the protection of personal information in the private sector (the Act) introduced in the Act to modernize legislative provisions as regards to the protection of personal information (Law 25), which began in September 2022.1 This new right aligns with global trends that emphasize individual control over personal information. For businesses operating in Quebec, understanding the data portability right is essential, as it imposes significant obligations and is critical for both compliance and maintaining customer trust.

What is Data Portability?

In broad terms, data portability allows individuals to request the transfer of their personal information—either to themselves or another organization at their request. This right empowers consumers by giving them greater control over their data and making it easier to switch service providers.

Below are the key considerations.

What are the Requirements for Invoking the Data Portability Right?

  1. Personal information must be computerized: Information in non-digital formats, such as paper records, is not subject to portability right. Although the Act does not explicitly define "computerized personal information," the Commission d'accès à l'information describes it as personal information organized and structured through information technology. 
  2. Personal information must have been collected from the individual: The data must be obtained directly or indirectly from the individual. This includes information gathered through an individual's activities, such as history of purchase, travel and driving habits.2

What is Excluded from Portability?

Certain types of information are not subject to portability rights:

What are the New Obligations for Service Providers as of September 22, 2024?

At the request of an individual, service providers must communicate the computerized personal information in a structured, commonly used technological format.

How Can Service Providers Prepare?

To comply with data portability requirements, service providers should take the following steps:

By understanding data portability requirements and developing robust processes, businesses can not only remain compliant but also build stronger relationships with their customers, enhancing trust and loyalty.

We are grateful for the assistance of Alexia Armstrong, student-at-law, in connection with the preparation of this article.


1 Act Respecting the Protection of Personal Information in the Private Sector, CQLR c P-39.1, s 27.

2 Commission d'accès à l'information, "Vos Droits: Contrôler l'accès et la circulation de vos renseignements personnels", online: <https://www.cai.gouv.qc.ca/protection-renseignements-personnels/citoyens-protection-renseignements-personnels/acces-et-protection-renseignements-personnels>.

4 Supra note 2.

5 Supra note 3.

Author

Related Links



View Full Mobile Experience