Data Subject Rights and Consumer Rights as Defined by Privacy Law
GDPR and CCPA both provide rights to individuals regarding the control and protection of their personal data. The rights are similar but different and individuals are referred to as data subjects in GDPR and consumers in CCPA. In addition, COPPA in the US deals specifically with the privacy rights of children under the age of 13. Under GDPR, data subjects must agree to how their data is used and the controller must ensure that their data is only used as allowed by law or by contract.
While the following focuses on GDPR and CCPA, generally privacy regulations provide basic rights to individuals regarding their personal data, including the right to be forgotten, portability, access, error correction, and expectation of security.
What are some of the rights provided by GDPR?
- Right to understand in clear language about how and why their data is used.
- The right to have errors corrected in their data.
- The right to have their data removed, referred to as the right to be forgotten.
- The right to restrict how an organization uses their data.
For CCPA, consumers own and control their data and can hold companies responsible for the security of their data.
What are some of the rights provided by CCPA?
- Consumers control if their data is shared or sold by companies.
- Consumers have the right to have their data deleted.
- Companies will have privacy and security controls to safeguard consumer’s data.
What are the rights provided by COPPA?
- Parents must consent for obtaining personal information of children under age 13.
- Privacy policies must detail how consent is obtained and how information is protected.
- Parents must be provided information on how their children’s information will be used and how to access the collected information.
- Companies must only retain the child’s information as reasonably needed.