Source: note.com
- GDPR (General Data Protection Regulation) applies to any organization that processes the personal data of EU/UK citizens, regardless of where the organization is located.
- ADPPA (American Data and Privacy Protection Act)
Topic | GDPR | ADPPA |
Right to access | Art. 15: list of items to be provided | Sec. 203(a)(1): list of items to be provided; only for data processed within 24 months prior to request |
Right to information | Privacy notice: content in Art. 13/14 | Privacy notice: content in Sec. 202(b) |
Right to rectification | Art. 16: inaccurate or incomplete data | Sec. 203(a)(2): inaccurate or incomplete information |
Right to erasure | Art. 17(1): data processed by controller if one of the conditions in para 1 applies; exceptions in Art. 17(3) | Sec. 203(a)(3): data processed by covered entity; exceptions in Sec. 203(e)(3)(A)(x) |
Right to data portability | Art. 20 | Sec. 203(a)(4) |
Right to withdraw consent | Art. 7(3): withdraw if data processing is based on consent | Sec. 204(a): withdraw consent to data transfers |
Right to object/opt-out | Art. 21(1): if one of the conditions of para 1 applies; Art. 21(2-3): absolute right for marketing purposes | Sec. 204(b): object to data transfers unless based on permissible purpose. Absolute right for marketing purposes |
Right to restriction of processing | Art. 18(1): if one of the conditions of para 1 applies | / |
Algorithmic decision-making | Art. 22(1): prohibited if legally or similarly affecting individual; Art. 22(2): exceptions | Sec. 207: prohibition of discrimination unless for self-testing or to diversify applicant/participant/customer pool |
source: priviq.com
Last Updated on April 27, 2024