A year ago, we wrote about Europe’s General Data Protection Regulation, or GDPR. A year later, little has come to fruition as under-resourced European regulators are still struggling to comprehensively define their mission as they simultaneously attempt to pursue investigations they know will end up in front of the courts.
California has long been a leader in privacy protections. The state legislature began paving the way with their 2002 data security breach notification law and followed that with the 2004 law addressing privacy policies. Their latest effort is the California Consumer Privacy Act of 2018 (CCPA) that was signed into law on June 28, 2018, and will take effect January 1, 2020.
The General Data Protection Regulation (GDPR) was passed by the EU in 2016, establishing new rules for how companies manage and share consumer data. It was introduced to ensure that all data protection laws are applied uniformly throughout EU member countries. With GDPR, the definition of personal data has been expanded to include genetic, biometric (facial recognition and finger prints), location data, pseudonymized data, and online identifiers.