2. Privacy Impact Assessment

An in-depth comparison between ADPPA (American Data Privacy and Protection Act) and the CALIFORNIA PRIVACY LAWS*
*CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act)

Result of comparison ADPPA California Privacy laws CCPA/CPRA
Quite similar, although in the ADPPA there are no specific provision concerning the submission of Privacy Impact Assessment to Federal/National authorities.
  • Large Data Holders are required to perform a Privacy Impact Assessment biennially in addition to the algorithmic assessment as
    detail before.
  • Businesses are required to perform regular risk assessments (also in compliance with eventual regulations issued on such topic and according to CCPA). The assessment must balance the benefits of their data processing against risks to consumers.
  • The risk assessments must be submitted to CPPA.