With our growing dependence on digital platforms, sharing our personal data like name, phone number, email, address, credit card numbers have become a norm. We provide all our details when we buy something through Amazon, subscribe to a newsletter on a website, buy a new telephone connection or generally surf the internet. The need for the protection of our personal data is felt more than ever and every country is now coming out with laws to protect personal data of individuals.
California Consumer Privacy Act (CCPA), Texas Privacy Protection Act (TXPPA) and General Data Protection Regulation (GDPR) are some such laws that companies need to comply with. Since these have many overlapping requirements, these create a lot of confusion for the companies. All of these laws are primarily data privacy laws aimed at the protection of personal data of consumers. All these laws provide consumers with a number of rights allowing them to have more control over their personal information. All these data protection laws have many similar rules and certain key differences which should be understood well to help companies comply with these laws.
Here we compare the 3 laws to help you understand each of these on different aspects:
GDPR protects the rights of data subjects which is defined as “an identified or identifiable natural person” while CCPA takes a broader view of data to be protected. CCPA definition extends to household, device or business and is not just confined to data of an individual. TXCPA also extends to households but this is not very clearly defined yet.
TXCPA and CCPA would only apply to some businesses, which would meet certain thresholds while GDPR applies to all companies that process EU citizens’ data.
In CCPA, employees are temporarily excluded from most of the CCPA’s protections, except two areas which are (i) providing notice at the collection, and (ii) notification on data breach caused by a business’s failure in protecting the data of the employees. GDPR applies to all natural persons including employees, suppliers, customers, etc. TXCPA is yet to come out with clarity in this area.
While most of the rights are more or less similar in all the laws, there are some differences that need to be understood in detail. For example, Rights of Deletion in CCPA is less stringent than GDPR. Business can always claim fulfilment of a contract or legal obligation. Overall, GDPR is more comprehensive than CCPA and TXCPA.Share this on...