1. The European Union – GDPR
The EU member countries developed the General Data Protection Regulation (GDPR) in April 2016. The law went into effect on May 25, 2018, and replaces the Data Protection Directive of 1995. It focuses on making organizations more transparent in their dealings with user data and on expanding users' privacy rights over their personal data. The objective was a single law, applicable across EU member countries, that gives control over personal data back to citizens and residents.
The GDPR covers every individual resident in any of the EU countries, as well as any location outside the EU where the data of EU citizens is held. This includes organizations in the EU, those outside the EU that handle EU citizens' data, and those that help EU organizations handle EU citizens' data. The GDPR is noted to be the toughest privacy and security law in the world. It adopts an opt-in approach to letting users control their data: users determine what happens with their personal information and place limits on what organizations can do with personal data.
2. The United States of America
The United States, unlike the EU, does not have a central federal-level privacy law. Instead, there are state-level privacy laws and several vertically focused laws for particular industries. State-level laws in the US include the California Consumer Privacy Act (CCPA), the most comprehensive internet data privacy law in the United States, which is designed to extend consumer privacy protections to the internet. It protects the residents of California. Others include the Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act (CPA), which protect the residents of Virginia and Colorado respectively. In contrast to the GDPR, US state laws use an opt-out approach for users to control their data.
Vertical legislation in the US includes:
- Health Insurance Portability and Accountability Act (HIPAA): an act passed in 1996 for the regulation of health insurance.
- Family Educational Rights and Privacy Act (FERPA): a federal law that protects the privacy of student education records.
- Children’s Online Privacy Protection Act (COPPA): a law that prohibits companies on the internet from requesting personally identifiable information (PII) from children (twelve years and under).
- Gramm-Leach-Bliley Act (GLBA): a financial law with data privacy and security sections that protects nonpublic personal information (NPI) – information collected about an individual in connection with providing a financial product or service unless that information is otherwise publicly available.
Obisesan Damola
Damola is a medical doctor who has worked in the Nigerian healthcare industry for a little over 3 years in a number of primary, secondary, and tertiary hospitals. He is interested in and writes about how technology is helping to shape the healthcare industry. He graduated from the College of Medicine, University of Ibadan, the foremost medical training institution in Nigeria.