Limited time offer Try for Free
Français Register
MonGardy — daycare app for Quebec

Law 25 for daycares: what to know

For directors

A clear guide to Quebec's Law 25 for daycares and CPEs: consent, photos, children's information, choosing vendors, and everyday best practices.

Register ← All articles
  • Data hosted in Canada
  • Built for Quebec privacy
  • Data Encryption
  • Invite-only onboarding

Law 25 (the Act to modernize legislative provisions as regards the protection of personal information) strengthened the obligations of every Quebec organization that handles personal information — including daycares and CPEs. Here’s the essence, in plain language.

This article is informational and not legal advice. For your specific situation, consult a qualified advisor.

Why daycares are concerned

A daycare collects sensitive information: family contact details, information about children, sometimes photos or health notes. Broadly, the law asks you to protect that information, collect only what’s necessary, and be transparent about how it’s used. Organization size doesn’t change the principle: a small daycare is concerned just as much as a large network.

Consent should be clear, freely given, and tied to a specific purpose. Two points come up often in childcare:

  • Photos: sharing children’s photos generally rests on explicit parental consent, and it should be possible to withdraw it.
  • Children under 14: in Quebec, consent for a child under 14 is generally given by the person with parental authority.

Data minimization

A simple principle: collect and share only what’s necessary. A communication tool, for example, doesn’t need to send medical notes or full records to third-party services that have no use for them. The less you accumulate, the less there is to protect.

Choosing vendors

When an organization entrusts data to software, it generally keeps responsibility for that information. Before selecting a vendor, it’s common to ask for:

  • a data processing agreement (covering sub-processing);
  • where data is hosted;
  • how confidentiality incidents are handled.

For a concrete set of checks, see our Law 25 compliance checklist.

A privacy officer and individual rights

The law generally provides for a person responsible for protecting personal information, and for individual rights: access, correction, and withdrawal of consent. It helps to know in advance who plays that role in your organization and how a request would be handled.

Photos, a special case

Children’s images are personal information in their own right. Sharing them through consumer channels (text groups, social media) makes it hard to control who sees them. The topic deserves its own best practices — see sharing daycare photos: consent and compliance.

Everyday best practices

  • Limit access to information by role (director, educator, parent).
  • Document your consents, especially for photos.
  • Keep information only as long as necessary.
  • Favour tools built for privacy from the start.

Product page: privacy & consent.

For more on everyday habits, see protecting children’s data in daycare.

In practice

Compliance comes down mostly to simple, regular habits, not a one-time project. These principles guide how MonGardy is built for Quebec daycares. Learn more or register.

Related articles

Ready to simplify family communication?

Invite-only onboarding. We set up your daycare within 1–3 business days — first year free for new daycares.

Register View pricing