Support Centre
US Privacy Laws
workspace-icon
Back

US Privacy Laws

Comply with US Privacy Laws

The enactment of the California Consumer Privacy Act of 2018 ('CCPA') on 1 January 2020 with an enforceability date of 1 July 2020 marked the first comprehensive US State privacy law, after which, an abundance of privacy-related legislation in the US, at both the federal and state level followed. While many bills fail to become law, four other States (Colorado, Virginia, Utah, and Connecticut) have now passed privacy legislation, and there is currently a federal bill, known as the American Data Privacy and Protection Act ('ADPPA') making its way through Congress. Significantly, the ADPPA marks the first federal privacy bill to gain both bipartisan and bicameral support. If enacted, it would preempt the majority of state and local laws, invalidating any similar provisions therein.

With the US now having five comprehensive State privacy laws and a federal bill in the works compliance has become a complex issue for privacy professionals.

OneTrust DataGuidance's team of in-house Privacy Analysts work with our external network of contributors to provide you with daily updates and in-depth insight articles so you can stay on top of all relevant developments in the US.

Our State Law Tracker, allows you to easily compare requirements introduced by comprehensive privacy bills in different US states and understand how potential laws might affect your operations.

In addition, our Sectoral Privacy Overview Comparison gives you detailed information on the existing privacy frameworks in multiple states, all provided by our external network of experts.

Entry into Effect Dates

California

Colorado

Connecticut

Utah

Virginia

 

US Privacy Law Comparison Report

Videos and Webinars

Sectoral Privacy Overview

USA Sectoral Privacy Overview

  • There is a law/restriction/exemption in place.
  • Click to view information for additional detail.
  • There is no law/requirement/exemption in place.

This Comparison is part of an ongoing OneTrust DataGuidance project, which will be expanding over time. Current non-inclusion of certain US States does not preclude the applicability of specific privacy-related laws within those States.

Compare Reset
    title
  • Constitution
  • Key Privacy Laws
  • Health data
  • Financial data
  • Employment data
  • Online privacy
  • Unsolicited Commercial Communications
  • Privacy Policies
  • Data Security
  • Other
  • Alabama
  • Alaska
  • Arkansas
  • Colorado
  • Connecticut
  • Delaware
  • District of Columbia
  • Florida
  • Georgia (US)
  • Hawaii
  • Indiana
  • Kansas
  • Louisiana
  • Maine
  • Maryland
  • Massachusetts
  • Michigan
  • Minnesota
  • Mississippi
  • Nebraska
  • New Hampshire
  • New Jersey
  • New Mexico
  • New York
  • Oklahoma
  • Oregon
  • Pennsylvania
  • Rhode Island
  • South Carolina
  • Tennessee
  • Texas
  • Vermont
  • Virginia
  • Washington
  • West Virginia
  • Wisconsin

GDPR CCPA Comparison

GDPR CCPA Comparison

DataGuidance, in collaboration with The Future of Privacy Forum, undertook this research to assist organisations in understanding and comparing the relevant provisions of the GDPR and the CCPA. This Chart provides a comparison of the two pieces of legislation on the following key provisions:

  1. Scope
  2. Definitions and legal basis
  3. Rights
  4. Enforcement

Each topic includes relevant articles and sections from the two laws, a summary of the comparison, and a detailed analysis of the similarities and differences between the GDPR and the CCPA. The degree of similarity for each section can be identified using the key.

The information in the Chart is also available in a free Report, which you can download here.

Consistency key

The GDPR and CCPA bear a high degree of similarity in the rationale, core, scope, and the application of the provision considered.

The GDPR and CCPA bear a high degree of similarity in the rationale, core, and the scope of the provision considered; however, the details governing its application differ.

The GDPR and CCPA bear several differences with regard to scope and application of the provision considered, however its rationale and core presents some similarities.

The GDPR and CCPA bear a high degree of difference with regard to the rationale, core, scope and application of the provision considered.

Scope

Compare Reset
    title
  • Personal scope
  • Territorial scope
  • Material scope
  • California
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

Rights

Compare Reset
    title
  • Right to Deletion
  • Right to be informed
  • Right to object
  • Right to access
  • Right not to be subject to discrimination
  • Right to data portability
  • California
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

    • Inconsistent

    • Fairly consistent

Enforcement Benchmark

Compare Reset
    title
  • Monetary penalties
  • Supervisory authority
  • Civil remedies
  • Argentina
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia
    • Fairly consistent

    • Fairly consistent

    • Fairly inconsistent

  • Belarus
    • Fairly inconsistent

    • Fairly consistent

    • Fairly inconsistent

  • Brazil
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

  • California
    • Fairly inconsistent

    • Fairly consistent

    • Fairly inconsistent

  • Canada
    • Fairly inconsistent

    • Fairly consistent

    • Fairly inconsistent

  • Cayman Islands
    • Fairly consistent

    • Fairly inconsistent

    • Fairly inconsistent

  • China - CSL
    • Inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • China - PIPL
    • Fairly consistent

    • consistent

    • Fairly inconsistent

  • China - Specification
    • Inconsistent

    • Inconsistent

    • Fairly consistent

  • DIFC - 2007
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • DIFC - 2020
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Ghana
    • Fairly inconsistent

    • Fairly consistent

    • Fairly inconsistent

  • Hong Kong
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

  • India
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Israel
    • Inconsistent

    • Fairly consistent

    • Fairly consistent

  • Japan
    •  Fairly inconsistent

    • Fairly consistent

    • Fairly inconsistent

  • Kenya
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

  • Macau
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

  • Malaysia
    • Fairly inconsistent

    • Fairly consistent

    • Inconsistent

  • Mexico
    • Fairly consistent

    • Fairly consistent

    • Fairly inconsistent

  • Moldova
    • Inconsistent

    • Consistent

    • Fairly consistent

  • New Zealand - Privacy Act 1993
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • New Zealand - Privacy Act 2020
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Nigeria
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

  • Pakistan
    • Fairly inconsistent

    • Fairly consistent

    • Inconsistent

  • Philippines
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

  • Russia
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

  • Saudi Arabia
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Singapore
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

  • South Africa
    • Fairly Inconsistent

    • Fairly consistent

    • Fairly consistent

  • South Korea
    • Fairly inconsistent

    • Fairly consistent

    • Consistent

  • Sri Lanka
    • Fairly inconsistent

    • Fairly consistent

    • Inconsistent

  • Switzerland
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

  • Taiwan
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

  • Thailand
    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

  • Turkey
    • Inconsistent

    • Fairly consistent

    • Fairly consistent

  • UAE - ADGM
    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Uganda
    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

  • Ukraine
    • Fairly consistent

    •  Fairly inconsistent

    • Fairly consistent