At least in Europe, most of us have already heard of GDPR – a regulation in EU law and the European Economic Area (EEA) – and its guidelines in regulating the protection of privacy and personal data.
A common question is whether there is an equivalent of GDPR outside the EU, and how other countries, especially the United States, manage and protect personal data.
GDPR safeguards the information of anyone living in the EU, so if a US citizen is residing in any EU country, GDPR will apply to the personal data collected about them.
GDPR does not, however, apply to US citizens living in the US. Instead, several federal and state-level privacy regulations in the US offer some similar protections. In particular, the California Consumer Privacy Act (CCPA) controls the collection of “personally identifiable information” from any person residing in California, which also includes any California residents who are EU citizens.
CCPA is a state law passed by the California State Legislature and signed into law in California on June 28, 2018. The Act gives only California residents the right to data protection and privacy, and it applies to any Californian-based business, including any profitable entity that collects consumers’ data.
The CCPA defines personal data as information associated directly with:
consumer’s name
phone number
address
billing address
IP address
social security number
passport number
license plate number
or any similar identifiers
The only exceptions are Personal Health Information and Financial Health Information, which adhere to the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act.
The CCPA focuses on six primary rights for California residents:
The right to know what personal data is being collected
The right to know to whom their personal data is sold or disclosed
The right to refuse sales of their personal data
The right to access their personal data
The right to request a business to delete any personal information about a consumer collected from that consumer
The right not to be discriminated against for exercising their privacy rights
The CCPA has evolved immensely since its enactment in July 2020 and has continued to provide new challenges for company data protection officers ever since. Therefore, you should always be up-to-date on data protection issues. The best way to do this is with a flexible, dynamic data protection program that can smartly automate manual tasks.
Andreas Springer _Actonic_
Head of Marketing
Actonic GmbH
Germany