Data Privacy Regulation FAQs

What is GDPR?

The General Data Protection Regulation (GDPR) was announced in the spring of 2016, imposing strict requirements on businesses regarding their consumer data practices. GDPR went into effect on May 25th, 2018, and since then has held businesses accountable for the way they track online users, handle user consent, and share data with third-party entities. Under GDPR, businesses are also accountable for the way consumer data is used when it passes into the hands of a third party, and are obligated to ensure that it is always protected.

GDPR emerged in the context of increased consumer awareness regarding information privacy and personally identifiable information (PII), which advertisers collect through cookies and other tracking technology across websites and mobile apps. While this law was enacted by the European Union, it also applies to the United States and any country in the world that “serves” (collects data belonging to) EU residents.

What is the CCPA?

The California Consumer Privacy Act (CCPA) protects residents of California and gives them more control over the personal information that businesses collect from them. CCPA gives California consumers the right to:

  • Find out what personal information has been collected
  • Find out whether this information has been sold or disclosed to another entity
  • Opt-out of the sale of their information
  • Request deletion of their personal information
  • Receive equal service and price no matter how they exercise the rights defined under CCPA

Like GDPR, the CCPA holds businesses accountable for the way consumer data is used even when it passes into the hands of a third-party entity. As long as they are serving California residents, they are also responsible for the way their websites and mobile apps operate and store that information, even when the code is not owned or operated (O&O) by the business.

What should I know about data privacy regulations?

“Data privacy regulation” encompasses laws, both enacted and proposed, that enforce policies regarding the way businesses store and use consumer data, and the way they share it with or sell it to third-party entities. So far, data privacy regulations like the GDPR and CCPA are considered to apply outside the countries in which they are passed, and have a global scope that impacts any organization that collects consumer data from residents/citizens of those countries. In the U.S., there is currently no data privacy legislation at a national level. However, businesses operating in the U.S. must adhere to the GDPR if they do business with consumers living in the E.U.

In practice, almost any business that depends on a website or mobile app for any portion of its revenue – including publishers, retailers, eCommerce and entertainment sites – must follow both the GDPR and CCPA, which are similar enough that a single set of policies is usually sufficient for both. Under both laws, organizations are responsible for the way consumer data is used even when it passes into the hands of a third-party entity. As long as they are serving California residents, they are also responsible for the way their websites and mobile apps operate and store that information, even when the code is not owned or operated (O&O) by the business.

Digital3PC.com is an independent platform that brings together the best minds from tech, government, research, and academia to shape the future of cybersecurity policy and offer best practice solutions when responding to cyber threats. The most common access point for malware spread, data breaches, IP theft, election meddling, disinformation campaigns, and cyberwarfare is malicious third-party code (3PC) that makes its way into our websites, apps, and IoT devices. The compromise of the digital ecosystem erodes user trust and the credibility of media organizations, and undermines the integrity of our democracy, economy, and public safety.