The European Union (EU) Data Protection Directive (DPD) regulates the processing and free movement of personal data within the EU. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) regulates the consent and use of personal data. These were among the first privacy laws to be enacted. But the General Data Privacy Regulation (GDPR) from the EU, which protects consumer data of EU residents, is the law that attracted the most international attention.
Since these laws were enacted, many other countries have been putting in place their own additional privacy laws. Here are just a few examples:
- Canada: Personal Health Information Protection Act (PHIPA)
- Australia: Consumer Data Rights (CDR)
- China: Right of Privacy and Personal Information Protection as part of the Cyber Security Law
- India: Personal Data Protection Bill (PDPB)
- Brazil: Lei Geral de Proteção de Dados / General Personal Data Protection Law (LGPD)
- United States: California Consumer Privacy Act (CCPA)
The GDPR covers data protection and privacy in the European Union and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA. It provides guidelines for data transparency, purpose limitation, data minimization, accuracy, storage time limitations, integrity and confidentiality, and accountability by a data controller or data protection officer. The GDPR essentially creates a privacy framework. For example, to comply with Article 25 of GDPR, companies must implement “privacy by design” principles, which state that privacy should be considered at every point in the process. The GDPR imposes fines on organizations that don’t adhere to its data protection and privacy laws.
The CCPA received a lot of attention because it’s the first strong privacy regulation in the U.S. It ensures several privacy rights to consumers who live in California, and it affects organizations worldwide that serve California residents. Its main goal is to give California residents control of their personal information and how it is used. To achieve this, it introduces five fundamental rights: the right to disclosure, to deletion, to access, to opt-out, and to nondiscrimination. In addition, the CCPA introduces significant fines and sanctions for noncompliance, and it is applicable to businesses based in California and potentially to any business offering services to California residents.