Regulatory Responses to Data Breaches: Evaluating the Effectiveness of GDPR and CCPA in Consumer Protection

Leonardo W Ou

doi:10.62051/ijsspa.v6n1.22

Authors

Leonardo W Ou

DOI:

https://doi.org/10.62051/ijsspa.v6n1.22

Keywords:

Privacy Regulations, Data Breaches, Consumer Protection, Data Privacy, Enforcement Mechanisms

Abstract

In the digital age, data breaches have become a significant threat to consumer privacy, prompting the implementation of stringent data protection regulations worldwide. This paper evaluates the effectiveness of two prominent regulatory frameworks, the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States, in safeguarding consumer data and responding to data breaches. Through a comparative analysis of their key provisions, enforcement mechanisms, and real-world impacts, the study examines how these regulations address consumer rights, data access, and control. The research employs a mixed-methods approach, analyzing case studies of major data breaches under each framework, including the 2018 British Airways breach (GDPR) and the 2020 Zoom breach (CCPA). Findings reveal that GDPR, with its broader scope, stringent enforcement, and higher penalties, offers a more comprehensive and proactive approach to data protection compared to the CCPA, which is more localized and reactive. The study highlights the challenges and limitations of each framework, emphasizing the need for ongoing refinement to address emerging technological and cybersecurity threats. The paper concludes that GDPR serves as a global benchmark for data protection, while the CCPA represents a significant but narrower step toward enhancing consumer privacy in the U.S. Future research should explore the adaptability of these regulations to new technologies and their socio-economic impacts on businesses, particularly small and medium-sized enterprises.

Downloads

Download data is not yet available.

References

[1] “California Consumer Privacy Act (CCPA).” State of California - Department of Justice - Office of the Attorney General, 15 Oct. 2018, https://oag.ca.gov/privacy/ccpa.

[2] de Souza, Jonatas S., et al. “The General Law Principles for Protection the Personal Data and Their Importance.” Computer Science & Information Technology (CS & IT), AIRCC Publishing Corporation, 2020, pp. 109–20, https://aircconline.com/csit/papers/vol10/csit101110.pdf.

[3] European Parliament and Council of the European Union. “General Data Protection Regulation (GDPR) – Legal Text.” General Data Protection Regulation (GDPR), 13 July 2016, https://gdpr-info.eu.

[4] Georgiou, Dimitra, and Costas Lambrinoudakis. “Compatibility of a Security Policy for a Cloud-Based Healthcare System with the EU General Data Protection Regulation (GDPR).” Information, vol. 11, no. 12, Dec. 2020, https://doi.org/10.3390/info11120586.

[5] Information Commissioner’s Office. British Airways Penalty Notice. 16 Oct. 2020, https://ico.org.uk/media/action-weve-taken/mpns/2618421/ba-penalty-20201016.pdf.

[6] Joren, Hailey, et al. “Participatory Personalization in Classification.” arXiv.Org, 8 Feb. 2023, https://arxiv.org/ abs/2302.03874.

[7] Mazumdar, Torsha, et al. “Are Current CCPA Compliant Banners Conveying User’s Desired Opt-Out Decisions? An Empirical Study of Cookie Consent Banners.” arXiv.Org, 2 Sept. 2023, https://arxiv.org/abs/2309.00776.

[8] Naqvi, Syed Khurram Hussain, and Komal Batool. “A Comparative Analysis between General Data Protection Regulations and California Consumer Privacy Act.” Journal of Computer Science, Information Technology and Telecommunication Engineering, vol. 4, no. 1, Mar. 2023, pp. 326–32, https://doi.org/10.30596/jcositte.v4i1.13330.

[9] Runte, Christian, et al. “GDPR Enforcement Tracker Report.” CMS Law.Tax, 2024, https://cms.law/en/int/ publication/gdpr-enforcement-tracker-report.

[10] Vollmer, Nicholas. “Article 8 EU General Data Protection Regulation (EU-GDPR).” Nicholas Vollmer, 4 Apr. 2023, https://www.privacy-regulation.eu/en/8.htm.

[11] Voss, W. Gregory, and Kimberly A. Houser. “Personal Data and the GDPR: Providing a Competitive Advantage for U.S. Companies.” American Business Law Journal, vol. 56, no. 2, May 2029, pp. 287–344, https://doi.org/10.111 1/ablj.12139.

[12] Zoom. In Re: Zoom Video Communications, Inc. Privacy Litigation, N.D. Cal. Master Case No. 5:20-Cv-02155-LHK. 7 Apr. 2022, https://www.zoommeetingsclassaction.com/Content/Documents/Notice.pdf.