So, you’re a business in the 2020s. You need to know about privacy law.
Well, the problem is that the Internet is global - and there’s no international data protection law regulating how companies handle consumer data. So, privacy law is complex - but it’s good to know what the major laws are, and where and when they apply. (And knowing this will make you seem pretty smart, and very cool at the right parties…)
Okay, let’s go. We’ve got:
- GDPR
- US - CCPA/CPRA, CT, VA, CO, UT
- LGPD
- PIPL
- The federal Privacy Act 1988 and and the APPs
- PIPEDA
The GDPR, the General Data Protection Regulation, applies in Europe - including The European Union, the UK (under the UK GDPR), and most non EU countries in Europe
The CCPA, the California Consumer Privacy Act (and its updated version, the CPRA, the California Privacy Rights Act) are California laws. Obviously.
The PGPD Lei Geral de Proteção de Dados (General Data Protection Law, in Portuguese), is the law in Brazil.
PIPL (the Personal Information Protection Law of the People's Republic of China) applies in…. Guess where?
The Federal Privacy Act of Australia and the Australian Privacy Principles ("APPs")
And PIPEDA (definitely the best acronym), the Personal Information Protection and Electronic Documents Act in Canada.
There are lots of other privacy laws - these are just the major global data protection laws.
So let’s recap:
- Europe - GDPR
- California - CCPA and CPRA
- Brazil - LGPD
- China - PIPL
- Australia - The federal Privacy Act 1988 and the Australian Privacy Principles ("APPs")
- Canada - PIPEDA