What is a key difference between GDPR and CCPA?

• A. GDPR applies only to California-based companies.
• B. GDPR governs EU data privacy broadly; CCPA focuses on California consumer privacy rights and data sales.
• C. GDPR focuses on data privacy within the UK; CCPA is a global data protection law.
• D. GDPR permits unlimited data sharing; CCPA prohibits all data collection.

Answer: (B)

The main idea here is the scope and focus of the two laws. GDPR covers data privacy across the European Union in a broad, comprehensive way, applying to the personal data of individuals in the EU and even to organizations outside the EU if they handle EU residents’ data. It emphasizes broad rights for data subjects and strict processing rules, with substantial enforcement powers and penalties.

In contrast, the California Consumer Privacy Act concentrates on California residents, with a specific emphasis on the ability to know what data is collected, the right to delete, and the right to opt out of the sale of personal information. It’s more focused on consumer rights related to data sales and access than on the wide-ranging, consent-based processing model that GDPR often requires.

So the correct distinction is that GDPR governs EU data privacy broadly, while CCPA centers on California residents’ privacy rights and data sales. The other statements misstate the scope (GDPR isn’t just California) or the nature of what each law regulates (GDPR isn’t about unlimited data sharing).