In today’s globalized digital economy, companies collect, process, and use personal data from users at an ever-increasing rate from multiple sources. The internet of things and the mass evolution of technology in people’s lives have created an immense amount of personal data collected by companies, in a relatively short period of time. This issue has become highly sensitive for people all around the world. As a response to this phenomenon, better and more comprehensive regulations of the rights to privacy and data protection have been demanded. Under this context, the European Union’s General Data Protection Regulation 2016/679 (“GDPR”) entered into effect on 25 May 2018 and the California Consumer Privacy Act of 2018 (“CCPA”) came into effect on the 1st of January, 2020. Bad data privacy practices harm not only consumers but also companies which can suffer great liabilities for infringements to any of these two legal frameworks. Each jurisdiction has adopted its own approach to regulate and impose penalties on infringers of data privacy rules, and therefore, protect consumer rights. Even though the goal of these two laws is to protect personal data and the right to privacy, differences appear evident between both of them, as their approaches to certain conceptual topics are just a reflection of how the European Union on one side, and California in the other, understand what are the key principles upon which their societies should develop when it comes to data privacy and the relation between businesses and data subjects.
This thesis aims to compare the GDPR and the CCPA in its most important guiding principles and rules, to establish the main differences and commonalities between the most comprehensive legal frameworks dealing today with data privacy in the world. By contrasting the GDPR and CCPA scopes of application, legal basis, concepts of data transfers, rights of users, and damages regulations, a consistency rate will be delivered in each chapter. The consistency rate will be determined by the relevance of the differences or similarities in each topic. Relevant legislation, case law, and literature are compared and discussed to outline the differences and commonalities in both approaches undertaken.