Privacy and cybersecurity
Creating a Website or Application: 5 Obligations Not to Overlook
From the earliest stages of development, it is essential to comply with several obligations to avoid unpleasant surprises, especially on the eve of a launch.
This article presents five essential elements to consider to ensure the compliance of your website or application, protect your business, and build user trust.
1. Terms of Use vs. Service Agreement
The terms of use (or “terms and conditions”) apply to any person who accesses your website or application, whether or not they are a client.
They are used, among other things, to:
- set out the platform’s rules of use;
- limit your liability for errors, interruptions or misuse;
- identify prohibited behaviours;
- specify your intellectual property rights to the content;
- indicate the applicable law and the court of competent jurisdiction in the event of a dispute.
This must be distinguished from the service contract, which is a bilateral agreement between your company and a specific client. It specifies, among other things:
- the services rendered;
- the obligations of each party;
- the terms and conditions of payment;
- the remedies for breach of contract.
These two documents are complementary and essential for framing your relationships with users and clients and for protecting your business on all fronts.
2. Privacy Policy
Since the coming into force of the Act respecting the protection of personal information in the private sector (the “Private Sector Act”), any company that collects personal information by technological means must publish a privacy policy, written in clear and simple terms, and ensure it is easily accessible.
The Commission d’accès à l’information recommends that certain topics be addressed, including:
- the types of personal information collected and the purposes for which they are collected;
- the methods of collection and the people who can access the data;
- the rights of those concerned (right of access, rectification, withdrawal, etc.);
- the procedure to exercise these rights;
- the security measures in place;
- the contact information for the Person in charge of the protection of personal information.
Tip: Use language that can be easily understood by your clients and users: avoid legal jargon.
3. Cookie Management Banner
Cookies make it possible to track user behaviour, often for analytical or advertising purposes.
The Private Sector Act requires:
- disabling non-essential cookies by default;
- obtaining explicit consent before their activation;
- a user-friendly and accessible interface for managing preferences.
This includes, among other things, the implementation of a clear cookie banner, with customization options allowing the user to easily accept or refuse them, as well as a link to the privacy policy.
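The three rules above, as an added example in JavaScript that is not part of the original article: a small consent-state model a cookie banner can sit on top of, where the category names, the 180-day validity period and the sample script list are all assumptions.

```javascript
// Added example (not from the original article): consent state for a cookie banner.
// Category names, the validity period and the sample scripts are assumptions.
const CATEGORIES = ["analytics", "advertising"]; // non-essential categories
const ESSENTIAL = "essential";                    // always allowed, no consent needed
const CONSENT_TTL_MS = 180 * 24 * 60 * 60 * 1000; // assumed 180-day validity

function defaultConsent(now = Date.now()) {
  // Rule 1: every non-essential category is off until the user acts.
  const choices = Object.fromEntries(CATEGORIES.map((c) => [c, false]));
  return { choices, decided: false, timestamp: now };
}

function applyChoice(state, choices, now = Date.now()) {
  // Rule 2: only an explicit `true` turns a category on. Unknown keys are ignored,
  // anything not mentioned stays off, and calling this again (including with {})
  // lets the user change or withdraw preferences at any time (Rule 3).
  const next = Object.fromEntries(CATEGORIES.map((c) => [c, choices[c] === true]));
  return { choices: next, decided: true, timestamp: now };
}

function isAllowed(state, category, now = Date.now()) {
  if (category === ESSENTIAL) return true;
  if (!state.decided) return false;                          // banner not answered yet
  if (now - state.timestamp > CONSENT_TTL_MS) return false;  // consent expired: ask again
  return state.choices[category] === true;
}

// Gate deferred tags: a non-essential script is only described here, never
// executed, until the user has consented to its category. Returns the subset
// that may be loaded right now.
function scriptsToLoad(state, scripts, now = Date.now()) {
  return scripts.filter((s) => isAllowed(state, s.category, now));
}

// Constructed sample: the tags a banner on a typical site would gate.
const SAMPLE_SCRIPTS = [
  { src: "/js/app.js", category: ESSENTIAL },
  { src: "https://analytics.example/tag.js", category: "analytics" },
  { src: "https://ads.example/pixel.js", category: "advertising" },
];
```

On a real page the banner's "accept", "refuse" and "customize" controls would call applyChoice, persist the returned state (for example in a first-party cookie flagged as essential) and only then inject the scripts returned by scriptsToLoad.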
4. Newsletters and Commercial Communications
Sending newsletters, promotional emails, or any other commercial electronic communication is strictly regulated by Canada’s Anti-Spam Legislation (CASL). You must, among other things:
- obtain express consent before sending a commercial message;
- include a clear and functional link to unsubscribe, allowing recipients to easily remove themselves from the mailing list without having to go through multiple steps;
- clearly identify the sender and the purpose of the message.
Failure to comply with these rules can result in significant penalties: up to 1 million per violation for an individual and up to 10 million per violation for a business.
5. Responsible Use of Artificial Intelligence (AI)
If your platform uses AI (e.g., an intelligent conversational agent or “chatbot”), you must:
- implement verification and governance mechanisms to assess privacy risks before deployment;
- perform due diligence on the desired AI solution;
- inform users if a decision is made in a fully automated manner and explain to them:
  - that the decision is automated;
  - the personal information used to make this decision;
  - the criteria used to make this decision;
  - the right to have this decision reviewed by a “real” person.
These requirements are part of an approach based on transparency, accountability, fairness and non-discrimination, as well as the protection of personal information—principles essential to any responsible use of AI.
Conclusion
This article provides an overview of some key obligations, but it is only a starting point. Other legal aspects also deserve particular attention, including:
- intellectual property rights;
- the location where personal information is hosted, particularly when it is outside Quebec;
- compliance with the Charter of the French Language.
Want to see things more clearly? We can assist you in incorporating these requirements right from the earliest stages of development, preparing your legal documents, supporting you with the launch of your platform and its updates, and ensuring the ongoing compliance of your website or application.