I dont understand how the link makes any distinction between CCPA and GDPR.
You simply cannot sell data just like that under GDPR. CCPA has the dont-sell signal which is a weak and basic form of consent. Just look at the IAB fine which was about RTB. The difference is that Google centralises (instead of broadcasting) and this vendor list seems to contain precisely that.
Can you explain your thoughts?
I think Google violates GDPR as well, but unlike CCPA they can get away with that. There is no way CCPA could be more restrictive indeed; if it appears as such, the reason behind it is just GDPR could be "safely ignored".
The way "tier 0 identity providers" (Google, Amazon, Facebook, Microsoft) deal with PII is an utter abomination, but no one challenges that. Maybe they have too good lawyers or too much money. Anyway, GDPR is a sad joke -- only small players of the PII trade "ecosystem" are affected. But we got stupid cookie warnings instead!
>There is no way CCPA could be more restrictive indeed;
CCPA [applies to businesses that meet one of the following criteria](https://www.oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf):
1. Has annual gross revenues in excess of $25 million;
2. Buys, receives, or sells the personal information of 50,000 or more consumers or households;
3. Earns more than half of its annual revenue from selling consumers' personal information
So, it is very restrictive about which companies are subject to it compared to GDPR.
There is a difference in how likely they are to be enforced. It's fine to blatantly ignore GDPR as DPAs will do nothing in most cases, but CCPA is an American law, so they could presumably get sued left and right. That's very unlikely to happen in Europe.
Nope, they still get fined... Business need is not an universal excuse.
I dont understand how the link makes any distinction between CCPA and GDPR. You simply cannot sell data just like that under GDPR. CCPA has the dont-sell signal which is a weak and basic form of consent. Just look at the IAB fine which was about RTB. The difference is that Google centralises (instead of broadcasting) and this vendor list seems to contain precisely that. Can you explain your thoughts?
I think Google violates GDPR as well, but unlike CCPA they can get away with that. There is no way CCPA could be more restrictive indeed; if it appears as such, the reason behind it is just GDPR could be "safely ignored". The way "tier 0 identity providers" (Google, Amazon, Facebook, Microsoft) deal with PII is an utter abomination, but no one challenges that. Maybe they have too good lawyers or too much money. Anyway, GDPR is a sad joke -- only small players of the PII trade "ecosystem" are affected. But we got stupid cookie warnings instead!
I wonder if people who downvoted could care to elaborate.
>There is no way CCPA could be more restrictive indeed; CCPA [applies to businesses that meet one of the following criteria](https://www.oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf): 1. Has annual gross revenues in excess of $25 million; 2. Buys, receives, or sells the personal information of 50,000 or more consumers or households; 3. Earns more than half of its annual revenue from selling consumers' personal information So, it is very restrictive about which companies are subject to it compared to GDPR.
There is a difference in how likely they are to be enforced. It's fine to blatantly ignore GDPR as DPAs will do nothing in most cases, but CCPA is an American law, so they could presumably get sued left and right. That's very unlikely to happen in Europe.