CCPA Vs GDPR
California Consumer Privacy Act became effective on January 1, 2019. 2 years before, Europe implemented GDPR. Even though both are personal data protection laws, they are ideologically different. Through this article, we are exploring the factors that differentiate CCPA from GDPR.
GDPR |
CCPA |
Effective From 25-May-2018 |
Effective From 01-January-2020 |
Personal data protection law applicable for EU States. |
Personal data protection law passed by the State Of California. |
Only protects natural persons (individuals) and does not cover legal persons. |
Only protects natural persons (individuals) and does not cover legal persons. |
Applies to the “processing” of personal data. |
Applies to “collecting” personal information and “selling” or “sharing” it. |
Does not exclude specific categories of personal data from its scope of application |
Specifically excludes from its scope of application collecting and sharing of some categories of personal information like Medical data, publicly available personal information, etc |
Does not apply to “anonymised” data, where the data can no longer identify the data subject. |
Does not apply to “de-identified” information or “aggregate” consumer information. |
Creates a door for the EU users to lock data prior to any data processing. |
Creates a window for the Californian consumer to open and find out what personal data has already been obtained by a business or sold to a third party. |
The GDPR does not define “child,” although it recognizes children as “vulnerable natural persons” that merit specific protection with regard to their personal data. |
The CCPA does not define “child.” The CCPA, however, ensures opt-in rights for minors under the age of 16 |
Like to dive deep into the subject, reach to your consultants to take advice on how to implement CCPA in your website/mobile application.
Reference
Data Guidance, Comparing privacy laws: GDPR v. CCPA, Accessed on December 2019