Laws such as the CCPA and GDPR have been designed with privacy in mind. With many privacy violations rocking the business world, the design and implementation of the CCPA and GDPR have become imperative.
The CCPA is the "California Consumer Privacy Act" and is slated to come into effect on Jan 1, 2020. The GDPR is the "General Data Protection Regulation", which came into effect on May 25, 2018. Both laws were designed in response to rising concerns about how various organizations collect, disseminate and retain data. Let us view some of the similarities and differences between the CCPA and GDPR:
- At the crux of both laws is the need to enhance and bolster data privacy protections.
- They both come into effect when businesses start collecting personal information about their citizens.
- Both laws enable their citizens to access the data that is collected about them, to correct it and to delete it.
Let us see the differences between the CCPA and GDPR below:
A1. Broad outlines of CCPA and GDPR:
- The CCPA specifies privacy laws, but only for citizens of the Golden State. It gives the citizens of California:
  - the right to know what information is collected about them and their family,
  - the right to say "No" to the sale of their information, and
  - the right to have businesses face serious repercussions if their privacy is violated.
- The GDPR also specifies privacy laws, but only for citizens of the EU. GDPR lays out seven principles that businesses are expected to follow when processing the personal data of EU citizens. They are:
  - Lawfulness, fairness and transparency
  - Purpose limitation
  - Data minimisation
  - Storage limitation
  - Integrity and confidentiality (security)
- The CCPA applies only to businesses based in California that earn $50,000,000 a year in revenue, that sell 100,000 consumers' records each year, or that derive 50% of their annual revenue from selling personal information. It also affects businesses if they are collecting information about Californians, irrespective of whether they are located outside the state or outside the country (if your business is outside California but you collect personal information about California citizens, then the law applies to you as well).
- The GDPR safeguards the privacy of all individuals in the European Union. It gives guidelines not only for businesses but also for public bodies, institutions and not-for-profit organizations that operate within the EU and process the personal details of EU citizens. It also gives specific guidelines for businesses that operate outside the EU but process the personal information of EU citizens.
A3. Fines and penalties:
- For a minimum infringement of GDPR, organizations can be fined up to 10 million euros or, if the organization is an undertaking, 2% of its global turnover for the previous fiscal year.
- On the other hand, CCPA non-compliance can carry fines of up to $2500/violation, increasing to $7500/violation.
- When implementing GDPR, businesses are required to ask their customers whether they would like to "opt in" to data collection or not.
- On the other hand, CCPA recommends that businesses ask their citizens whether they would like to "opt out" of data collection.
These are some of the similarities and differences between the CCPA and GDPR. It is hoped that both of these will safeguard innocent citizens from data privacy violations.