GDPR and the CCPA


According to the EU's website, the EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/C and is designed to:

  • Harmonize data privacy laws across Europe

  • Protect and empower all EU citizens data privacy

  • Reshape the way organisations across the region approach data privacy.


Driven by the continued rise in consumer data breaches and growing privacy concerns, the State of California has passed the California Consumer Privacy Act (CCPA). The law will significantly strengthen privacy in the U.S. when it goes into effect on Jan. 1, 2020.


The law is part of a global trend toward stronger privacy protections and greater data transparency, of which the Canadian Anti-Spam Law (CASL) and the General Data Protection Regulation (GDPR) are a part. 

The CCPA focuses exclusively on data collection and privacy, and is roughly in line with the provisions of GDPR on those issues.

The key components of the CCPA are:

  • Know what personal information is being collected about them.

  • Know whether their personal information is sold or disclosed and to whom.

  • Say no to the sale of personal information.

  • Access their personal information.

  • Equal service and price, even if they exercise their privacy rights.

The CCPA may evolve in time because it was written and passed very quickly, and many questions have already been brought up about various loopholes and how certain provisions will be enforced. For instance, serious concerns have been raised about the provision that allows a business to “offer a different price, rate, level, or quality of goods or services to the consumer if that price or difference is directly related to the value provided to the consumer by the consumer’s data.” That provision seems in direct contradiction to the right to equal service and price.


You can expect that the State of California will issue revisions and amendments before the consumer privacy act goes into effect in 2020.