CCPA Vs GDPR

| | 2 min read

California Consumer Privacy Act became effective on January 1, 2019. 2 years before, Europe implemented GDPR. Even though both are personal data protection laws, they are ideologically different. Through this article, we are exploring the factors that differentiate CCPA from GDPR.

GDPR

CCPA

Effective From 25-May-2018

Effective From 01-January-2020

Personal data protection law applicable for EU States.

Personal data protection law passed by the State Of California.

Only protects natural persons (individuals) and does not cover legal persons.

Only protects natural persons (individuals) and does not cover legal persons.

Applies to the “processing” of personal data.

Applies to “collecting” personal information and “selling” or “sharing” it.

Does not exclude specific categories of personal data from its scope of application

Specifically excludes from its scope of application collecting and sharing of some categories of personal information like Medical data, publicly available personal information, etc

Does not apply to “anonymised” data, where the data can no longer identify the data subject.

Does not apply to “de-identified” information or “aggregate” consumer information.

Creates a door for the EU users to lock data prior to any data processing.

Creates a window for the Californian consumer to open and find out what personal data has already been obtained by a business or sold to a third party.

The GDPR does not define “child,” although it recognizes children as “vulnerable natural persons” that merit specific protection with regard to their personal data.

The CCPA does not define “child.” The CCPA, however, ensures opt-in rights for minors under the age of 16


Like to dive deep into the subject, reach to your consultants to take advice on how to implement CCPA in your website/mobile application.

Reference

Data Guidance, Comparing privacy laws: GDPR v. CCPA, Accessed on December 2019