1. Covered Entities

An in-depth comparison between ADPPA (American Data Privacy and Protection Act) and the CALIFORNIA PRIVACY LAWS*
*CCPA (California Consumer Privacy Act) and CPRA (California Privacy Rights Act)

Result of comparison ADPPA California Privacy laws CCPA/CPRA
ADPPA has a wider scope of application if compared with CCPA. In fact, ADPPA applies to any entity (regardless of the CCPA criteria e.g. annual gross revenue). Some additional criteria are established depending on whether it is a large or small business.
  • Covered entity is defined as i) the entity or person that alone or jointly with others establishes the purposes and means of collecting, processing, or transferring covered data and ii) that is subject to the Federal Trade Commission Act, the Communications Act of 1934 or is a non-profit organization.
  • An entity that controls or is controlled by or is under common control with another covered entity is included by the term covered entity (no distinction between legal entities within the same group).
  • Businesses that: i) have annual gross turnover exceeding $25M; or, ii) collect personal information of 100,000 consumers or iii) at least 50% of its revenue comes from selling consumers’ personal information.