Which Laws Protect the Personal Info of Quebecers, Europeans and Americans? ITC’s Guide to Data Protection

At a time when technology is rapidly advancing in many sectors (think artificial intelligence for customer service chatbots and machine learning for medical diagnostics), it’s natural to wonder what issues may come along with these innovations. One such concern involves how personal data and confidential information are collected and used.

What protections exist for personal data?

This question is especially relevant these days as clients consider the potential risks of sharing personal information and confidential documents with a partner company like ITC Translations. In response, it’s important to remember that the technology sector isn’t the only one making staggering advances. Privacy protections are also changing, and companies are required to keep up.

The European Union introduced the General Data Protection Regulation (GDPR) in 2018, setting the bar very high for privacy protection, and ITC made it our priority to adopt its provisions. And in 2021, Law 25 went into effect in the Canadian province of Quebec, modernizing legislative provisions on personal data protection. This law, a pioneering legal framework in Canada, modernized Quebec’s laws on privacy protection while offering individuals more transparency and control. It covers businesses in the private and public sectors, as well as private organizations, all of whom must comply with new requirements giving people new data protection rights.

Personal data is any information related to a physical person that enables this person to be identified and that is collected, held, used or communicated to third parties in the course of running a business. Since Law 25’s scope extends to any end user of a supplier based in Quebec, whether they are in the province or not, it’s clear that all Quebec consumers are covered and protected by this legislation.

Just like the GDPR, ITC Translations also strictly complies with all requirements set out in Law 25. Here are a few of this law’s provisions:


Consumers now have a fundamental right of access. When data is collected, companies must now inform the person concerned about the reason for which it is collected, how the information is collected and what rights they have to access and correct data and withdraw their consent for collection at any time. In addition, companies must now inform their users about how third parties use their personal information, including the name of the third party for whom data is collected, who this information may be shared with and whether this information will be shared outside Quebec.

Right to Privacy by Default

Law 25’s implementation reverses the standard logic of privacy protection, giving consumers the automatic right to confidentiality. This means that profiling or tracking technology must be deactivated by default on any company website, unless express permission is given, rather than the other way around as it had been previously.

Right to Delete and Transfer

In keeping with the GDPR’s provisions on the right to be forgotten, consumers now have the right to ask companies to stop sharing their personal data, as of September 22, 2023. In cases where this sharing causes them damage or contravenes a court ruling, they will also have the right to have all links associated with their name deindexed. In addition, starting on September 22, 2024, users can request a digital copy of all personal information a company has gathered on them.

Financial Penalties

For individuals, the maximum penalty for criminal offenses under Law 25 is $100,000. For private sector companies, criminal fines for non-compliance can range from $15,000 to $25,000,000 or 4% of the company’s total revenue, whichever is higher.


As we’ve seen, the privacy of people in Quebec and EU member states is well protected. But what about those living in the United States? The American law most similar to the GDPR is the California Consumer Privacy Act (CCPA), which went into effect in 2020 and applies to all consumers living in California. In addition, the California Privacy Rights Act (CPRA), which was introduced in January 2023, enhanced privacy legislation to extend opt-out rights and introduce other changes that bring it even closer to the GDPR.

How ITC Translations Protects Clients’ Personal Data

ITC Translations is meticulous, collaborative and transparent with our clients. Keeping your data secure and protecting your privacy are top priorities in every country where we do business. We follow all legislation to the letter, including Law 25 in Quebec, the GDPR in the European Union and the CCPA in the United States. And since respect and loyalty are two of our values at ITC, our clients, partners and employees can safely share their confidential data and documents with us, knowing that we will always protect this information.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

16 − twelve =