Global Data Privacy Authority Rafi Azim-Khan Warns UK Companies: GDPR And CCPA Compliance Not One And The Same

Author:Mr Erik Cummins, Matt Hyams and Caroline Huddleston
Profession:Pillsbury Winthrop Shaw Pittman LLP

In a recent guest article for The Times, co-leader of Pillsbury's global Data Privacy practice Rafi Azim-Khan writes that global authorities are combatting privacy threats from big data, tracking and surveillance with a "growing tsunami of regulation," including the EU's General Data Protection Regulation and new laws in New York and California, that is designed to empower consumers against technology's overreaches.

Azim-Khan specifically covers the California Consumer Privacy Act (CCPA), which went into effect on January 1 and applies to UK companies (and many others) doing business in California, regardless of whether they have a physical presence in the state. The law's reach is in keeping with the "regulatory trend" of extra-territoriality, he writes.

Azim-Khan also cautions UK companies not to assume that complying with the game-changing GDPR means compliance with the CCPA.

"This is a dangerous fallacy," he warns. "Although cut from a similar cloth, there is a significant divergence: The CCPA catches fewer businesses but extends broader rights."

Among the differences between...

To continue reading