In 2018, the California legislature took the digital world by storm with the passing of the California Consumer Privacy Act (CCPA) — a new law designed to give consumers in California greater rights over their data.
By granting users the right to find out what information companies collect about them, and establishing consequences for businesses that fail to adequately protect user data, the CCPA marks a radical shift in US data privacy legislation.
Under the CCPA, Californians also have the right to learn if their data is being sold, the option to refuse this sale, and the ability to access any personal information that companies hold about them.
Perhaps most notably, for the first time, consumers will be able to file lawsuits based on claims of loss of privacy, instead of loss of money or property, in the event of a data breach.
The CCPA draws inspiration from the EU’s sweeping privacy law, the General Data Protection Regulation (GDPR). Often referred to as the California GDPR, the CCPA shares several key principles with this European law, including steep fines for noncompliance.
Companies can be fined $750 per individual for each CCPA violation. Although this might not seem a large amount, data breaches typically affect thousands of users, so the cost of negligence quickly adds up.
Most companies that conduct their operations online are subject to comply with one — or both — of these laws. Although the CCPA and GDPR share certain similarities, compliance differs in several key areas, like how to obtain user consent or what new rights users have.
Termly’s CCPA vs GDPR infographic visually compares the essential requirements of these two game-changing privacy laws. Check it out below to learn more about users’ new rights and how businesses can comply.
You can also check out Termly’s GDPR for Dummies infographic — a 100% plain English explanation of this complex European privacy law.