W. Gregroy Voss (Toulouse Business School) has posted “The CCPA and the GDPR Are Not the Same: Why You Should Understand Both” to SSRN. Here is the abstract:
This article gives a comparative view of two main pieces of data privacy legislation from, respectively, California and the EU: the CCPA and the GDPR. While there are similarities between the two, there are differences, as well, providing challenges for compliance. For example, both instruments have extraterritorial effect, however only the GDPR is truly omnibus legislation given the CCPA carveouts for areas of federal legislation and its thresholds for application. Thus, this article aims to provide certain elements to be taken into consideration in evaluating legislation on both sides of the Atlantic.