It includes much of a Quora answer that I wrote on this topic. Please seeÂ How does the California Consumer Privacy Act of 2018 compare to GDPR?
Disclaimer:Â This comparison, of necessity, is limited to the broadest generalizations. While the California Consumer Privacy Act or 2018 (â€œCCPAâ€)Â is of a respectable length, the EUâ€™s General Data Protection Regulation (â€œGDPRâ€)Â has 99 Articles, most with several Sub-articles – and thatâ€™s preceded by 173 lengthy paragraphs of recitals! Consequently,Â most of what follows is, in reality, subject to significant additional details, qualifications and exceptions that are too numerous to include here.
Now available for download: A four-page GDPR-CCPA comparison table that includes many more details than are in this post.
Over the years I have negotiated a number of international agreements, typically representing domestic clients. My more recent work with EU-based clients, however, has given me additional insights about the U.S. and other legal systems.
These clients have established technology businesses in Europe. Each recently set up operations here in the Bay Area and asked that I adapt existing agreements for use in the U.S. As I work with these clients, two differences between the U.S. and the European Union jump out at me.
Length of Agreements
First, in the U.S. we often have longer agreements. European contracts tend to rely on, and implicitly or explicitly incorporate, detailed statutory provisions that do not exist here in the U.S. Furthermore, agreements here tend to include more business details and legal protections in case the relationship sours and ends up in litigation. For example, one client shared its existing reseller agreement. I found the document charming in its brevity and the abundance of white space on the page. By the time I added everything that is considered normal here in the U.S., the new version had four times as many words!