CCPA Vs GDPR
California Consumer Privacy Act became effective on January 1, 2019. 2 years before, Europe implemented GDPR. Even though both are personal data protection laws, they are ideologically different. Through this article, we are exploring the factors that differentiate CCPA from GDPR.
|
GDPR |
CCPA |
|
Effective From 25-May-2018 |
Effective From 01-January-2020 |
|
Personal data protection law applicable for EU States. |
Personal data protection law passed by the State Of California. |
|
Only protects natural persons (individuals) and does not cover legal persons. |
Only protects natural persons (individuals) and does not cover legal persons. |
|
Applies to the “processing” of personal data. |
Applies to “collecting” personal information and “selling” or “sharing” it. |
|
Does not exclude specific categories of personal data from its scope of application |
Specifically excludes from its scope of application collecting and sharing of some categories of personal information like Medical data, publicly available personal information, etc |
|
Does not apply to “anonymised” data, where the data can no longer identify the data subject. |
Does not apply to “de-identified” information or “aggregate” consumer information. |
|
Creates a door for the EU users to lock data prior to any data processing. |
Creates a window for the Californian consumer to open and find out what personal data has already been obtained by a business or sold to a third party. |
|
The GDPR does not define “child,” although it recognizes children as “vulnerable natural persons” that merit specific protection with regard to their personal data. |
The CCPA does not define “child.” The CCPA, however, ensures opt-in rights for minors under the age of 16 |
Like to dive deep into the subject, reach to your consultants to take advice on how to implement CCPA in your website/mobile application.
Reference
Data Guidance, Comparing privacy laws: GDPR v. CCPA, Accessed on December 2019
