HB Ad Slot
HB Mobile Ad Slot
Tomato, To-Ma-Toe: Is CCPA Deidentification the Same Thing As GDPR Anonymization?
Friday, April 9, 2021

Deidentified information is defined within the CCPA to refer to information that “cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer” provided that a business that uses deidentified information takes four operational and organizational steps to ensure that such information is not reidentified or disseminated.[1]

The standard for “deidentification” under the CCPA differs from the standard for “anonymization” under the European GDPR. While the CCPA considers information that cannot “reasonably” identify an individual as deidentified, the Article 29 Working Party interpreted European privacy laws as requiring that data has been “irreversibly prevent[ed]” from being used to identify an individual.[2]


[1] Cal. Civ. Code § 1798.140(h) (West 2020).

[2] Opinion of the Data Protection Working Party on Anonymisation Techniques, 0829/14/EN WP 216, at 7 (adopted April 10, 2014).

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins