4 hours 41 minutes
welcome everyone to module nine of 10
in this module. We will be discussing how you can leverage your previous efforts to comply with the other privacy laws of the world, including, most notably, the GDP are
I want to take a quick second to point out the GDP are is by no means the only other privacy law that exists outside the United States.
On your own time, I encourage you to look up the L G p D, which is the comprehensive privacy law of Brazil.
There's also an important exposure to American companies to Pippa,
which is the privacy law that applies to the Canadian market.
But I understand that the £800 gorilla in the room is the GDP are
and we are going to now be spending this entire module. Comparing the compliance requirements of the GDP are to the C C p. A. Because I recognize that most of you probably worked at a company that has probably pursued some sort of g d. P R effort,
and the main goal here is to ensure that you do not start from scratch
moving forward. This is where we are in our course outline
we are again in module nine.
One more model to go.
We will be reviewing the upcoming amendments and future changes to the C c p. A.
But at this point, you should have a very solid understanding of all the privacy obligations that apply to the C c. P. A.
I will be mentioning something from all of the eight. Modules were reviewed up until this point.
So that's why we needed to wait until module nine to be able to compare the CCP A to the GDP are
because we really need to understand what is required of the CCP A. Before we can really compare it to anything else.
We're going to focus in on the differences that apply to the consumer requests.
There are way more other differences that we will get to later in the module, but Lesson 9.1 is dedicated to the subject of consumer requests,
our learning goals and objectives. For less than 9.1,
we will review the differences in scope over the rights for the G, d. P R and C C. P. A. As I mentioned a moment ago,
will also note there are favorable deletion exceptions under the CCP A that are so important that they deserve their own subsection here in this lesson.
Then there's a couple miscellaneous items that I want to make sure that I bring to your attention, which highlight why the GDP are is actually so much more difficult to comply with than the C C. P. A.
Not, of course, to undercut anything we've been studying up until this point. Because, yes, the C C p. A. Is nevertheless quite difficult
if you think back to module one. When I was talking about a human right versus a civil right versus a consumer right,
you need to understand that the GDP, our views, rights as personal rights,
all the rights of an individual can enjoy under the GDP are is because that person resides in Europe,
and that's it.
But in the United States, all of the privacy rights are viewed through the lens of consumers or transactions or business.
Because of that, the scope of the personal rights in Europe are far larger, far more significant And there, I say,
far more cherished by the business community in the political landscape There.
The first three rights that you will see on the left side of your screen lineup directly with the first three rights on the right side of your screen that exist under California,
the right to be informed of how information is handled internally,
the right to access your own information
and the right to delete your own information.
Those three things line up,
but there is no right to opt out of sale under the GDP are
Because the GDP are requires an opt in regime where you need to have a legal basis to preserve, to process personal information, personal data. Under the law,
we will get to that in less than 9.2. But be aware
if you have already stood up a GDR GPR compliance regime at your company,
you're not going to have already the ability to opt out of sale.
You're going to need to construct that
item number four on the consumer right side.
That is a gap you have now that you need to build even if you've already and this is an air quotes here decided to comply with the GDP are
The CCP A If you look at item number four on the left side of your screen
does not have a right to rectify your personal information.
You cannot fix it under the c c P. A.
Too bad, so sad. If you believe information is incorrect,
you can try to resolve that using other mechanisms. But
the C C P A. Will not help you.
You cannot restrict the way that your information is processed internally within the company
that is a right that exists under the GDP are
you cannot bring your information from one company to another or from one company to its competitors.
But if you see item number six there,
that right does exist under the GDP are
you cannot object to processing activities, but under the GDP are
There are certain methodologies when it comes to automated decision making.
Basically, when a computer algorithm or some sort of technology that uses machine learning or just automated functions to look at an individual's personal data and then make a decision that has a financial or legal impact on a person,
that is something that individuals in Europe can object to,
but not in the United States,
or certainly not using the C, c p A in the United States.
That's the scope of the differences.
Feel free to posit video now if you want to jot these down. But the big thing here is
don't forget the rights in California are consumer rights,
but the rights in Europe are personal
Another big thing to remember
the GDP are the winner To respond to a consumer request is 30 days under the CCP A. You get 45 days an extra 15 days
if you are already going to build a regime in California or one that is meant to comply with the California market, and then you later in time, decide.
You know what business is growing.
Let's start marketing our goods and services into Europe.
You're gonna have a problem.
Europe requires a 30 day window instead of 45 days.
Please be aware of that.
If you go east bound to that market, you will need to shorten your window to satisfy. I won't use the word consumer requests anymore. So personal or data subject requests,
which we'll get to in a second.
there are way too many deletion exceptions under the CCP A to go through them all once more, but I encourage you here to posit video and jot down the key differences between the exceptions that exist under the GDP are versus those that exist under the C C. P. A.
The big thing to note here is that there are far more reasons why the CCP A an individual, will not be able to get their personal information deleted,
whereas under the GDP are
odds are you're going to be more successful from the perspective of the individual
from the perspective of the business. If you are in GDP, our land,
you're likely going to have to satisfy the request,
whereas under the C c p. A.
You have a lot more ways to say no
at the last one. The last reason.
Otherwise, use the consumer's personal information internally in a lawful manner that is compatible in which the context in which the consumer provided the information
remember back to the California hearings in the legislative branch objected, saying something along the lines off. You could drive a train through that,
And it's true
in Europe, the exceptions to deleting information are far more robust than they are in California.
another thing to note my friends.
There's far more awareness in Europe about the GDP are
if you ask anyone walking down the street, even in California, have you ever heard of the CCP? A. Most of the time, people are not going to say yes. But in Europe, most people are aware of the GDP are
I shouldn't say most, but at a minimum, people are aware that they do have data privacy rights.
Whether or not they know that there's a law called the GDP are,
that's a question mark.
It all depends where you are.
Ultimately, there is far more awareness because it's just culturally ingrained into the European Science Society and European businesses that individuals do have far more data subject rights in Europe than they do in the United States.
And don't forget there's far more European residents than there are those who live in California,
in fact, 10 times the number
to conclude this.
Please keep an eye on the fact that there are nine different GDP, our rights, depending on the way you slice it
versus Onley four that exist under the C c. P. A.
I've identified the five that exist under the GDP are that don't exist under the C c. P A.
Keep in mind that there are different response windows. And please don't underestimate the importance of people simply being aware they have rights in Europe
versus those in the United States who just sometimes don't know.
I'll see you in the next video.