Despite having some similarities (like many of the user rights), the CCPA and the GDPR also differ significantly on quite a few issues, one of those being consent. First, let’s briefly recap what these two laws are:
But how is the CCPA different from the GDPR? Check out our infographic below:
For a more in-depth comparison, continue reading below.
| | CCPA | GDPR |
---|---|---|
Applies to | Any for-profit business that targets Californian consumers and either | Any entities (non-profit or otherwise – including NGOs, individuals, and public entities) that target EU consumers, or which are based in the EU. |
B2B and B2C | Protections applied to consumers only. | No differentiation between protections applied to B2B and B2C (business-to-consumer) interactions; the GDPR simply applies its protections to “data subjects”, who are defined as any “identifiable natural persons” residing in the EU. |
Types of data protected | Any data that relates to, or is capable of being associated with a particular consumer or household, with the exception of public government records. | Any data that can lead to the identification of an individual. |
IP addresses considered as personal data |
| | CCPA | GDPR |
---|---|---|
Right to be informed | ||
Right of access | ||
Right to portability | ||
Right to rectification | × | |
Right to be deleted | ||
Right to object | Somewhat covered by the right to opt-out | |
Consent required before processing | Only in the case of minors and in cases of previous opt-out. | Yes, unless another legal basis legitimately applies. |
Option to opt-out or withdraw consent | Businesses must provide DNSMPI link and honor opt-out requests. | Users have both the right to withdraw consent and the right to object to processing (potentially applicable even in cases where the processing is justified using a legal basis other than consent). |
CCPA | GDPR |
---|---|
Fines of up to $7500 per individual violation. The CCPA also gives consumers the right to bring suit for damages. | Fines of up to EUR 20 M (22 M USD) or 4% of annual global revenue – whichever is greater, potential audits and sanctions. The GDPR also gives data subjects the right to sue if their rights were violated. |