1. Data Minimization

An in-depth comparison between ADPPA (American Data Privacy and Protection Act) and the CALIFORNIA PRIVACY LAWS*
*CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act)

Result of comparison ADPPA California Privacy laws CCPA/CPRA
The fulfillments established by ADPPA with reference to data minimization are stricter than the ones defined by California privacy laws.
  • The ADPPA’s duty of loyalty is focused on data minimization. This duty requires a covered entity to only collect and process the covered data that is reasonably necessary and proportionate to the product or service being provided. Additionally, the ADPPA prohibits or restricts specific covered data practices what is reasonably necessary and proportionate to i) provide a product and/or service requested by the individual, ii) deliver a reasonably anticipated communication, or iii) perform an expressly permitted purpose.
  • The processing of a consumer’s data (collection, use, retention, and sharing) must be necessary and proportionate to achieve the purposes for which it was collected or processed, or for another disclosed purpose that is compatible with the original purpose.