Loi 25

Ce qu'il faut savoir

Important: we are not lawyers.

The information provided in this content is for general information purposes only. It is not intended to be, and should not be construed as, legal advice or an opinion on specific matters. If you require legal advice, please consult a qualified attorney. Using or relying on this information without seeking professional advice may have consequences you did not anticipate.

Table of Contents

What Are Cookies?

Your site uses cookies.

What are cookies?

A cookie is a small piece of code that, among other things, makes it possible to:

  • Displaying a Vimeo or YouTube video
  • Record information relevant to a session, such as adding an item to a shopping cart in an online store;
  • Know whether or not a user is connected to your site;
  • Display Facebook or X (formerly Twitter) feeds  on your website
  • Display a Google Maps on your website
  • Send usage statistics to Google Analytics;
  • Track calls and forms with Google Ads, Bing Ads, or any other advertiser.

The examples above only partially explain the use of cookies.

If you use Google Analytics on your website, it is likely that you will need to inform your visitors and obtain their explicit consent to the use of cookies or other tracking technologies.


Documented Proof of Explicit Consent

It is not explicitly stated that Bill 25 requires documented proof.

The need to obtain explicit consent, and to allow consumers to change it, does suggest the need to keep a record of that consent. You must also keep a record of incidents involving personal information, and inform the commission in the event of an incident.

Aponia offers a simple way to keep a record of this consent. Monthly fees apply.

Consequence on Google Analytics

Without cookies, Google Analytics doesn’t work.

This implies that visitors who don’t accept won’t be included in your Google Analytics number of visitors.

I.e. You may register a large drop in visitors from the day you install the cookie consent popup. If 20% of your visitors decline, your statistics will drop by 20%. Same thing for anything else tracked on Google Analytics. In reality, the real amount of visitors going on your website hasn’t really dropped. According to statistics in Europe, the acceptance rate of cookies is between 10 and 90%. 

In addition to a documented proof of explicit consent above, the paid version of the cookie consent plugin gives us statistics, which we can use to figure out the real amount of visitors on your website. 

Contact Forms

The law insists that organizations must limit the length of time they retain data, whether it comes from the website or internally within your company. This means there is a requirement to delete or anonymize data after a certain period of time.

Gone are the days when we keep customer information from 15 years ago in our database; even for accounting purposes. After all these years, his personal information is probably no longer needed. That’s why the law insists on deletion or anonymization.

On the website side, Aponia recommends automating this process for the website’s contact forms, and destroying them after a set period. The law requires a clear plan for destroying or anonymizing personal data once it has been used.

If you have a contact form that is strictly intended to enable users to perform the demonstrated action, such as sending messages or requests, and you only use the data provided to respond to these messages or requests (and for no other purpose), then filling in and sending the form could be considered an indication of consent to this specific use.

This does not apply, however, if you then add the user to a newsletter, your CMS or CRM, or any other use that cannot be deduced from the said initial form. In these cases, modifications to your existing forms may be necessary.

Privacy Policy

Important: this policy must also include ALL personal information that you collect from the general public, whether you collect this information online, in-person or elsewhere.

You should have a privacy policy on your website. Indicate how you use the information you collect, as well as any information shared with any third party or entity (Some examples: your CRM in the U.S., Google Analytics, a company associated with you, a call recording system provided by a third party, etc.).

In any case, you must designate a privacy officer in your privacy policy. Their contact information must be written in this policy (including phone number and email). All personal information should also be associated with a reasonable data retention limit based on how you use this information and applicable laws. For instance, it may not be reasonable to keep the name of a client after 20 years after the time you last heard from them.

Our WordPress Packages

Basic Package 

  • $250 Package* – Includes a cookie popup, setup for each cookie, cookie policy.
  • $500 Package* – Includes a cookie popup, setup for each cookie, cookie policy, contact form data retention limits, and additions to your privacy policy regarding the type of personal information you are using on your website. 
  • $750 Package* – Includes a custom cookie popup, setup for each different cookie, cookie policy, contact form data retention limits, and additions to your privacy policy regarding the type of personal information you are using on your website. 
*Dans tous les cas, les forfaits excluent les fonctionalités 100% sur mesure de votre site web. À noter que ce n’est pas parce que vous avez des fonctionalités sur mesure que ces fonctionalités impliquent la rétention des données ou des cookies.

Statistics & Documented proof of explicit content

  • $10/month – This documented proof is only included in the premium version of a plugin. To access the plugin, these fees need to be paid. They include yearly security updates. In addition, this also includes acceptance and refusal statistics to help you get accurate numbers of visitors and/or conversions.

This proof includes:

  1. Anonymized IP Address
  2. User ID stored in the local storage of the user
  3. Consent type of the user
  4. Consent description (which choices)
  5. Date of latest choices
  6. Proof to prove the actual process and which cookie policies were active at the time