What is the difference between GDPR and CCPA?
Here are the main differences between CCPA and GDPR:
|Type||Statutory and regulatory||Regulatory|
|Scope||Applies to for-profit businesses that hold personal information of California residents||Applies to businesses that hold personal data of EU/EEA residents|
|Personal data||Information that relates to an individual, household or device. Excludes publicly available personal information recorded by federal, state, or local government.||Data that relates to a living individual and is used for commercial purposes. Excludes publicly available information.|
|User rights||– Right to know about and access personal information
– Right to delete personal information
– Right to opt-out of the sale of personal information
– Right to non-discrimination for exercising the CCPA rights
|– Right to access personal data
– Right to correct personal data in case of inaccuracy
– Right to delete personal data
– Right to restrict personal data processing
– Right to port data to another controller
– Right to object to personal data processing
– Right to object automated data processing for decision making and profiling
|Opt-in necessary for data collection||No (unless the consumer is under 16 years old)||Yes|
|Right to opt-out||Yes||Yes|
|Age of consent||16. Parental consent is mandatory for consumers below 13 years.||16 (Member State laws can lower it to 13). Parental consent is mandatory for those who are below 16.|
|Fine||Up to $2,500 for each violation and $7,500 for each intentional violation.||– Up to €10 million or 2% of annual global turnover, whichever is highest, for less severe violations.
– Up to €20 million or 4% of annual global turnover, whichever is highest, for severe violations.
|Enforcer||California Attorney General||EDPB, EU Commission, and Member State data protection authorities.|