INTRODUCTION
The Commission d'accès à l'information (the Commission) promotes and enforces citizens' rights regarding access to documents of public bodies, as well as the protection of their personal information held by public bodies and private enterprises.
For several years, the Commission has noted an increased use of biometrics in both the private and public sectors. This technology, which has become increasingly accessible due to technological advances (algorithms, machine learning, storage capabilities), has become affordable in terms of both installation and maintenance. Biometric systems are seen as a simple and convenient way of achieving several purposes (control of employee schedules, identity verification, access to premises, etc.). Some companies even offer turnkey versions of such systems, making them easier to adopt.
However, the popularity of biometrics has led to a certain trivialization of its privacy implications. While it is said to be safe, we often forget that its use poses risks to individuals' privacy. The legal framework that applies to biometrics is also not well known.
This guide was developed in that context. Its objectives and target audience are presented in the following pages.
WHAT ARE THE OBJECTIVES OF THIS GUIDE?
The Commission is publishing this guide to:
- Raise awareness among public bodies and private-sector organizations of their responsibilities and obligations in protecting personal information when using biometrics;
- Assist them in completing the declaration that they must submit to the Commission, before starting to use biometrics, in either of the following two cases:
  - If they require the use of a biometric system, or a process for capturing biometric characteristics or measurements, to verify or confirm the identity of one or more individuals;
  - If they create a database of biometric characteristics or measurements – in this case, the disclosure must be made at least 60 days before the database is operational.
The Commission provides a declaration form (available in French only) to that effect. This form allows you to provide all the required information.
WHO IS THIS GUIDE FOR?
This guide is aimed at both public bodies and private enterprises of all sizes. It is intended for:
- Decision-makers;
- Those responsible for implementing projects that involve the use of biometrics;
- Privacy officers.
Legal obligations with regard to biometrics in Québec apply to any organization wishing to use a biometric system or a process to capture biometric characteristics or measurements.
This guide also applies to private enterprises that provide such solutions. It is important that they know these rules in order to properly advise their clients, to avoid misleading them, and to offer products that comply with the legislation applicable in Québec.
WHAT ARE BIOMETRICS?
Throughout this guide, biometrics refers to the set of techniques that analyze one or more unique characteristics of a person (physical, behavioural, or biological) in order to determine or prove their identity. The digitalization of biometrics allows for the automation of this identification or authentication. Today, biometrics are mainly used through automated systems.
Some projects or technologies may use morphological, behavioural, or biological characteristics for purposes other than verifying or confirming the identity of individuals: thermal cameras, anonymous video analysis (AVA), connected health bracelets, emotion recognition systems, etc. Although these uses are not specifically covered by all the principles contained in this guide, either the Act respecting Access to documents held by public bodies and the Protection of personal information (Access Act) or the Act respecting the protection of personal information in the private sector (Private Sector Act) applies to organizations implementing such projects.
No matter the project, if biometric characteristics or measurements are involved, it is recommended to conduct a privacy impact assessment (see the introduction to Section 1) as this is sensitive personal information (see below).
Note that as of September 22, 2023, a privacy impact assessment will be required for any project involving the acquisition, development, or overhaul of an information system or electronic service delivery system that involves the collection, use, communication, keeping, or destruction of personal information. The Commission is already offering a guide for this process.