At the end of December, the oversight division of the Québec privacy regulator (CAI) published its first decision since sweeping changes under Law 25 came into force. The decision follows from a self-initiated investigation by the CAI into the use of facial recognition to control employee access to an organization’s premises. Consistent with past decisions, the organization was ordered to cease using the facial recognition technology. As organizations are increasingly relying on biometrics and the number of biometric filings with the CAI has surged in the last two years, this decision is a reminder of the high legal threshold for using biometric identification technologies in Québec.
Our National Privacy and Data Management team has summarized the key requirements for biometric identity verification systems in Québec, and important takeaways for businesses (click here to read article).
Information on changes introduced by Law 25 to Québec's biometric data processing regime, including our key obligations chart, is available to AccessPrivacy subscribers on the Law 25 Resource Page.