
GDPR vs CCPA: A Simple Guide for Users

Understand your digital rights under the two largest privacy laws in the world.

Published on March 22, 2024

When you read through an app's privacy policy, you'll often see references to the GDPR (General Data Protection Regulation) or the CCPA (California Consumer Privacy Act). If you aren't a lawyer, these acronyms can be confusing.

What is the GDPR?

Passed by the European Union in 2018, the GDPR is widely considered the strictest privacy law in the world. It dictates that companies cannot collect your data without explicit, informed consent. It applies to any company operating in the EU or targeting EU citizens.

Under the GDPR, you have the right to request a full copy of all data a company holds on you, as well as the 'Right to be Forgotten' (the right to make them delete everything).

What is the CCPA?

The CCPA went into effect in California in 2020. Unlike the GDPR, the CCPA follows an 'opt-out' model rather than an 'opt-in' model. This means companies can collect your data by default, but they must provide a clear 'Do Not Sell My Personal Information' button.

While it only legally applies to California residents, many tech companies apply CCPA rules globally to simplify their infrastructure.

Which Protects You More?

Generally, the GDPR provides stronger foundational protections because data cannot be collected without your consent in the first place. The CCPA puts the burden on the user to manually opt out of data sales.
