26 lines
1.2 KiB
Org Mode
26 lines
1.2 KiB
Org Mode
:PROPERTIES:
|
|
:ID: auto-quebec-law-25
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: gate rules. The gate stack can encode "this data flow crosses a CCPA boundary"
|
|
#+filetags: :passepartout:compliance:framework:quebec:
|
|
|
|
gate rules. The gate stack can encode "this data flow crosses a CCPA boundary"
|
|
and automatically enforce the opt-out at every data access. First-mover
|
|
advantage is moderate (many CCPA tools exist) but none provide a deterministic,
|
|
verifiable audit trail — they are all document-based.
|
|
|
|
** Canadian provincial privacy (Quebec Law 25, Ontario PHIPA)
|
|
|
|
Quebec Law 25 (2023-2024 phased) is Canada's most aggressive privacy
|
|
regulation — closer to GDPR than PIPEDA. Requires: privacy officer appointment,
|
|
privacy impact assessments, consent modernization, data portability, right to
|
|
de-index, algorithm transparency (automated decision-making disclosures).
|
|
Penalties up to $25M CAD or 4% of global revenue.
|
|
|
|
Why it matters: The algorithm transparency requirement is unique — organizations
|
|
must disclose how automated decision systems work. The gate stack's ACL2 proof
|
|
log is a natural algorithm transparency artifact. First-mover advantage: this
|
|
is a new requirement with no established vendor tooling.
|
|
|