What is CCPA?

At least in Europe, most of us have already heard of GDPR – a regulation in EU law and the European Economic Area (EEA) – and its guidelines in regulating the protection of privacy and personal data.

One common question asked is the equivalence of GDPR outside the EU and how other countries, especially the United States, manage and protect personal data.

GDPR safeguards the information of anyone living in the EU, so if a US citizen is residing in any EU country, GDPR will apply to their personal data collected.

However, GDPR does not apply to US citizens living in the US; several federal and state-level privacy regulations in the US offer some similar protections. In particular, the California Consumer Privacy Act (CCPA) controls the collection of “personally identifiable information” from any person residing in California, which also includes any California residents who are EU citizens.

CCPA is a state law passed by the California State Legislature and signed into law in California on June 28, 2018. The Act provides Californian residents only the right to data protection and privacy and applies to any Californian-based business, including any profitable entity that collects consumers’ data.

The CCPA defines personal data as information associated directly with:

  • consumer’s name

  • phone number

  • address

  • billing address

  • IP address

  • social security number

  • passport number

  • license plate number

  • or any similar identifiers

The only exception is Personal Health Information and Financial Health Information, which adhere to the Health Insurance Portability and Accountability Act (HIPPA) and the Grammleach-Bliley Act.

The CCPA focuses on six primary rights for California residents:

  • The right to know what personal data is being collected

  • The right to know to whom their personal data is sold or disclosed

  • The right to refuse sales of their personal data

  • The right to access their personal data

  • The right to request a business to delete any personal information about a consumer collected from that consumer

  • The right not to be discriminated against for exercising their privacy rights

The CCPA has evolved immensely since its enactment in July 2020 and has continued to provide new challenges for company data protection officers ever since. Therefore, you should always be up-to-date on data protection issues. The best way to do this is with a flexible, dynamic data protection program that can smartly automate manual tasks.

2 comments

Comment

Log in or Sign up to comment
Taranjeet Singh
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
April 26, 2022

@Andreas Springer _Actonic_ Thanks for educating us on CCPA!

Gaby
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 26, 2022

I too send a THANK YOU for this easy to read and understand explanation of the CCPA. I am currently dealing more intensively with this topic.
Data protection is a very large field. At the following web address I found an international comparison, which I think gives a good overview of the basics of data protection and can be helpful for internationally oriented companies. The article is from 10/2019.

https://www.dr-datenschutz.de/studie-datenschutz-weltweit-wie-ist-der-aktuelle-stand/

In a recent article from 02/2022 it becomes clear that there are fundamental differences between the EU and the US.

https://www.datenschutz.org/usa/

greetings from bremen

TAGS
AUG Leaders

Atlassian Community Events