:PROPERTIES:
:ID:       auto-quebec-law-25
:CREATED:  [2026-05-23 Sat]
:END:
#+title: gate rules. The gate stack can encode "this data flow crosses a CCPA boundary"
#+filetags: :passepartout:compliance:framework:quebec:

gate rules. The gate stack can encode "this data flow crosses a CCPA boundary"
and automatically enforce the opt-out at every data access. First-mover
advantage is moderate (many CCPA tools exist) but none provide a deterministic,
verifiable audit trail — they are all document-based.

** Canadian provincial privacy (Quebec Law 25, Ontario PHIPA)

Quebec Law 25 (2023-2024 phased) is Canada's most aggressive privacy
regulation — closer to GDPR than PIPEDA. Requires: privacy officer appointment,
privacy impact assessments, consent modernization, data portability, right to
de-index, algorithm transparency (automated decision-making disclosures).
Penalties up to $25M CAD or 4% of global revenue.

Why it matters: The algorithm transparency requirement is unique — organizations
must disclose how automated decision systems work. The gate stack's ACL2 proof
log is a natural algorithm transparency artifact. First-mover advantage: this
is a new requirement with no established vendor tooling.