GDPR vs. CCPA: What These Privacy Laws Actually Protect

Mary McDonald
・
Privacy
・

Two landmark laws, two different approaches
The EU's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA) are the two most significant privacy laws affecting internet users today. Both give you rights over your personal data — but they work differently, and neither is universal.
GDPR: consent-first by default
GDPR requires companies to obtain explicit, informed consent before processing personal data for most purposes. Key rights include:
Right of access — Request a copy of all data a company holds about you
Right to erasure — Request that your data be deleted ("right to be forgotten")
Right to portability — Request your data in a machine-readable format
Right to object — Opt out of processing for direct marketing
GDPR applies to any company that processes data of EU residents, regardless of where the company is based.
CCPA: opt-out rights for California residents
CCPA takes a different approach: companies can collect and sell your data by default, but you have the right to opt out. Key rights include:
Right to know — What data is collected and who it's shared with
Right to delete — Request deletion of your personal information
Right to opt out — Of the sale of your personal information
Right to non-discrimination — Companies can't charge more or provide worse service for exercising your rights
What this means in practice
Neither law fully protects you from opaque privacy policies and confusing terms. That's where FinePrint helps — by flagging when a policy conflicts with your legal rights, or when opt-out language is buried and hard to act on.