Apply or not to apply?
A Comparative View on Territorial Application of CCPA and GDPR
Keywords:data protection, GDPR, CCPA, privacy, territorial scope
A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is Californian Consumer Privacy Act commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part including practical examples.
Andraško, J. (2017). Theoretical aspects of public administration electronic services. Bratislava Law Review, 1(2), 119-128, DOI: https://doi.org/10.46282/blr.2017.1.2.76.
Bennett, J. C. (1988). Different processes, One result: The Convergence of Data Protection Policy in Europe and the United States. In Governance: International Journal of Policy and Administration, 1(4), 415-441, DOI: https://doi.org/10.1111/j.1468-0491.1988.tb00073.x.
Berthoty, J. et al. (2018). Všeobecné nariadenie o ochrane osobných údajov. Praha: C.H. Beck.
Bignami, F. (2007). European Versus American Liberty: A Comparative Privacy Analysis of Antiterrorism Data Mining. Boston College Law Review, 48 (3), 609-698. Available at http://lawdigitalcommons.bc.edu/bclr/vol48/iss3/ (accessed on 20.03.2020).
Goldman, E. (2018). An Introduction to the California Consumer Privacy Act (CCPA). Available at https://www.ssrn.com/abstract=3211013 (accessed on 20.03.2020).
Kessler, J. (2019). Data Protection in the Wake of the GDPR: California’s Solution for Protecting “the World’s Most Valuable Resource.” Southern California Law Review, 93 (1), 99-128.
Kuner, Ch. (2013). Transborder Data Flow Regulation and Data Privacy Law. First edition. Oxford: University Press.
Levin, A. & Nicholson, M. (2005). Privacy law in the United States, the EU and Canada: The Allure of the Middle Ground. University of Ottawa Law and Technology Journal, 2(2), 357-395.
Solove, D. (2016). A Brief History of Information Privacy Law. In PROSKAUER ON PRIVACY, PLI, 2016 GWU Law School Public Law Research Paper No. 215. Available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=914271 (accessed on 20.03.2020).
Pernot-LePlay, E. (2020a). China’s Approach on Data Privacy Law: A Third Way Between the U.S. and the EU? Penn State Journal of Law & International Affairs, 8(1), 49-117.
Pernot-LePlay (2020b). EU Influence on Data Privacy Laws: Is the U.S. Approach Converging with the EU Model? Colorado Technology Law Journal, 18(1), 101-124.
Prosser, W. (1960). Privacy. California Law Review, 48 (3), 383-423, DOI: https://doi.org/10.2307/3478805.
Umhoefer, C. (2019). CCPA vs. GDPR: the same, only different. Intellectual Property and Technology News. April 11, 2020. Available at: https://www.dlapiper.com/en/us/insights/publications/2019/04/ipt-news-q1-2019/ccpa-vs-gdpr/ (accessed on 20.03.2020).
Zanfir, G. (2012). EU and US Data Protection Reforms. A Comparative View. European Integration Realities and Perspectives, the 7th Edition of the International Conference, 217-223. Available at: http://www.proceedings.univ-danubius.ro/index.php/eirp/article/viewFile/1305/1182 (accessed on 20.03.2020).
Warren, S. & Brandeis, L. (1890). The Right to Privacy. Harvard Law Review, 4(5), 193-220.
Annex to the Recommendation of the Council of 23rd September 1980: Guidelines governing the protection of privacy and transborder flows of personal data.
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications).
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the second annual review of the functioning of the EU-U.S. Privacy Shield, available at: https://ec.europa.eu/info/sites/info/files/report_on_the_second_annual_review_of_the_eu-us_privacy_shield_2018.pdf (accessed on 20.03.2020).
CJEU decision in Weltimmo v NAIH (C-230/14).
CJEU decision Google Spain SL, Google Inc. v AEPD, Mario Costeja González (C-131/12).
EDPB Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) Adopted on 16 November.
Article 29 Data Protection Working Party Update of Opinion 8/2010 on applicable law in light of the CJEU judgement in Google Spain.
How to Cite
Copyright (c) 2020 Bratislava Law Review
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
The Author(s) transfers copyright to the Article to the Publisher of the Journal by the Licence Agreement.
The Author(s) retains rights specified in the Licence Agreement.
The readers may read, download, copy, distribute, print, search, or link to the full texts of all of the Article of the Journal and use them for any other lawful purpose under specified Creative Commons Licence (CC BY-NC-ND 4.0).