When it comes to data protection laws, the United States has long lagged behind Europe, whose General Data Protection Regulation (GDPR) came into effect in 2018 as the gold standard in data protection.
Also, in 2018, California passed the California Privacy Protection Act, further expanding it to the California Privacy Rights Act (CPRA) in 2020. In August 2022, a new federal bill — the American Data Privacy and Protection Act (ADPPA) — passed Congress with a landslide 53-2 vote. The proposed federal law is similar to the CPRA but contains a few key differences that have Californian data privacy advocates concerned.
What are the compliance implications for businesses with both state and federal data privacy laws running in tandem? Is ADPPA’s preemption of state privacy laws good for businesses and consumers? Read on to learn more about the two bills, their differences and what it would mean for businesses if federal law preempts state laws.
What Do Both the California and Federal Laws Have in Common?
Who is Included
Businesses that handle consumer data must adhere to these laws. CPRA only pertains to businesses and consumers in California. The ADPPA — if passed — would cover businesses across the United States.
Collecting and Sharing Data
Both laws restrict how much personal data a business can collect from consumers and that they only collect data necessary to provide the service. Consumers can opt out of both unnecessary data collection and any data sharin ..
Support the originator by clicking the read the rest link below.
