GDPR and CCPA – What Do They Mean for User Privacy?
Aside from sharing details, tips, and tricks on how to use a VPN to enhance online security and privacy, at ZoogVPN, we also want to keep you informed on all of the most important online news and legislation. As the topic of privacy continues to grow in the online world, so do the concerns related to data privacy and security. Privacy experts are predicting that information privacy will become the most important issue in the decade ahead of us, along with the two significant legislative acts, the GDPR and the CCPA. In this week’s Zlog, we’ll take a look at GDPR and CCPA, compare the two, and analyze how they can contribute to user protection on the Internet.
GDPR and CCPA
GDPR builds on a two-decade policy and precisely spells out the data rights of every citizen in the European Union. It is one of the most robust data privacy laws to date and is generally considered one of the most important online privacy laws for securing user data. The GDPR protects the personal data of every EU citizen, regardless of whether the company has collected this information from the user over the internet or in person.
The California Consumer Protection Act, more commonly known as the CCPA, is the first online privacy act in the US. It is widely considered the “US’s GDPR” and has a lot in common with this European law. It was introduced in January last year, and its implementation will start on January 1st, 2020. The intentions of CCPA are very similar to those of GDPR, which we will take a look at later in this post.
Who They Affect
These two laws can cause a lot of headaches for companies that fail to comply with them. But what do they mean for the users? With the GDPR, and very soon the CCPA, customers finally have a reliable mechanism through which they can request access to their data and have information deleted from sites and businesses that have collected it. Companies that collect personal information without the knowledge and consent of the users are automatically breaking GDPR and CCPA compliance rules and can suffer severe fines.
Similarities and Differences
GDPR and CCPA both aim to define the way user data is handled. Both laws stress the importance of businesses being transparent with users and offering them clear explanations for the use of personal information. They aim to reshape how businesses and companies think about user data and define the data lifecycle. With that said, although GDPR and CCPA share these core ideas, there are some differences you should care about if you’re from the US or EU. Here are some of the biggest distinctions between the two:
- Use of Consumer Data – GDPR compliance rules establish that processing personal data is illegal. CCPA regulation doesn’t strictly prohibit the processing of personal data but does insist that businesses must provide users a way to opt out of this.
- Subjects to Regulation – As we mentioned above, GDPR applies to any business in the world that provides its goods or services to EU citizens. The CCPA also applies to every company that does business with Californian citizens, provided that it earns 50% of its revenue from selling user data or has a gross yearly revenue of over $25 million.
- The Data Itself – CCPA’s definition of data is more precise. GDPR considers data as any information that can be used to identify a person.
- Right to Opt-out and be Forgotten – GDPR doesn’t directly restrict companies from selling personal information. CCPA provides users with the mechanism to opt out of having their personal information sold.
- Penalties – The penalties and fines for non-compliant businesses differ significantly between the two laws. GDPR penalizes businesses with 20 million Euros per violation, or 4% of annual income, whichever is higher. On the other hand, CCPA penalizes companies with $7,500 per violation.
How GDPR and CCPA Are Pioneering Global Privacy Protection
In the end, it remains to be seen just how much the rest of the world will benefit from GDPR and the CCPA. One thing is for sure: these two laws have had a massive role in getting the conversation going about user privacy protection. Several US states have already started drafting their versions of CCPA. Even some global companies, such as Facebook, have changed their privacy tools and settings to comply with the GDPR.