I decided to take on this project to get back into programmer mode during the holiday break. Coding for real — meaning without eating, sleeping, knowing what day it is, or taking a shower! I have a lot of admiration for those who do it for a living.
That said, here is the result — the tool: loi25.certi360.com
It is difficult to get a complete picture of a website’s compliance with Bill 25 on the protection of personal information in the private sector, which is why I tried to automate the process.
It is important to know that the law requires that the minimum reasonable effort be made to protect the collection of personal information and that there be consent to collection.
Caution: the tool is certainly not legal advice; it has bugs and does not always correctly detect certain items.
What the tool does
The tool analyses what is observable on a website. It is built on five test blocks with sixteen verification modules.
Domain and email configuration analysis
This block examines what the domain name reveals publicly. Hosting. WHOIS information. DNS configuration. Email settings.
It notably helps identify where the site is hosted, whether there are visible indicators of transfers outside Quebec or Canada, and whether the email configuration exposes obvious weaknesses. The result produces a factual technical view. Not a legal conclusion.
TLS encryption analysis
This block verifies how communications are protected between the browser and the site. TLS certificate. Protocols used. Weak or obsolete configurations.
It produces a clear assessment of observable encryption robustness. This is a direct indicator of the seriousness accorded to protecting data in transit.
Security headers and exposed technologies analysis
This block inspects HTTP security headers and publicly detectable technologies.
It highlights the absence or presence of protection mechanisms against common attacks. It also identifies certain technologies in use to contextualize visible risks.
Cookie and consent analysis
This block observes cookie usage on the site. Presence of cookies. Third-party cookies. Consent banner behaviour.
It verifies whether navigation is possible without accepting non-essential cookies. It highlights visible inconsistencies between stated policy and actual site behaviour.
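The pre-consent cookie check described above can be sketched as follows. This is an added example, not the tool's own code: the domain, the recorded headers and the review heuristic are constructed assumptions, and third-party detection uses a simple suffix match rather than a public-suffix list.

```python
from dataclasses import dataclass

SITE = "example.com"  # constructed: the domain under analysis

# Constructed sample: (responding host, Set-Cookie header) pairs recorded on a
# first visit, before any interaction with the consent banner.
OBSERVED = [
    ("www.example.com", "PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("www.example.com", "_visitor=9f2c; Max-Age=63072000; Path=/; Domain=example.com"),
    ("tracker.example.net",
     "uid=77aa; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None"),
]

@dataclass
class CookieFinding:
    name: str
    host: str
    third_party: bool
    persistent: bool
    missing_flags: list

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs

def is_third_party(host, site):
    # Simplification (assumption): suffix match, no public-suffix-list lookup.
    host, site = host.lower().rstrip("."), site.lower()
    return not (host == site or host.endswith("." + site))

def analyse_preconsent(observed, site):
    findings = []
    for host, header in observed:
        name, attrs = parse_set_cookie(header)
        missing = [f for f in ("secure", "httponly", "samesite") if f not in attrs]
        persistent = "max-age" in attrs or "expires" in attrs
        findings.append(CookieFinding(name, host, is_third_party(host, site),
                                      persistent, missing))
    return findings

def needs_review(findings):
    # Assumed heuristic: a cookie set before consent that is third-party or
    # outlives the session is unlikely to be strictly necessary.
    return [f.name for f in findings if f.third_party or f.persistent]
```

A session cookie from the site itself passes, while the long-lived visitor identifier and the cookie from another domain are listed for manual review against the stated policy.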
Privacy policy analysis
This block attempts to automatically locate the privacy policy. It then analyses its content.
The analysis verifies the presence of elements expected under Bill 25. Collection. Use. Individual rights. Sharing with third parties. Transfers. Retention. Responsible party.
Test your site
The tool is free. No registration required.
You enter a domain name. You run the analysis. In a few minutes, you see what your site is telling the world.
Try it. Look at the results. And above all, take the time to understand them.