A Comparative Study between the EU-GDPR and the US-CCPA

Abstract: The development of the Internet is the most significant reason as to why Regulation (EU) 2016/679 (General Data Protection Regulation / EU GDPR) with its improvements, applicable since 25th May 2018, is replacing the Directive (Dir.) 95/46/EC. Outside the EU, American California Privacy Act (CCPA) of 2018 was adopted. The choice of the topic was influenced, inter alia, by the fact that the United States (U.S.) is an important economic and trading partner to the EU. The purpose was to compare the two legislations with assistance from the comparative legal method and the research question ”What are the principal similarities and/or differences between the GDPR and the CCPA?” The main similarity between the two frameworks is the purpose and the content aiming at the data protection of a data subject (GDPR) and a consumer (CCPA). The main difference is the choice of the term - ”data subject” is broader comparing to ”consumer”. The GDPR contains a slightly better structure with its eleven chapters organised by themes, while the CCPA is lacking this feature. Overall, both frameworks are quite ”strong” due to the usage of the word ”shall” in the provisions.