[1]Road to Adequacy: Can California Apply Under the GDPR?

[1]Road to Adequacy: Can California Apply Under the GDPR? - Lawfare:

Earlier this year, the [2]European Commission, the executive arm of
the European Union, [3]recognized Japan's data protection regime as
adequate under the European [4]General Data Protection Regulation
(GDPR). Japan is now treated as part of the [5]European Economic
Area (EEA) under the GDPR, and data flows from the EEA may be
transferred to Japan without any additional safeguards or
agreements. This is the first adequacy decision since the GDPR took
effect, and it will likely provide a road map for other countries or
territories seeking EU approval going forward.

At the same time that Japan's adequacy determination was being
finalized, the California attorney general began hosting seven
public forums across the state to allow public comment during the
California Consumer Privacy Act (CCPA) pre-rulemaking process. The
CCPA, [6]enacted July 28, 2018, and [7]effective Jan. 1, 2020, is
modeled on the GDPR, imposing new data protection [8]requirements on
certain companies and granting new rights to California residents.

Even before the CCPA was signed into law, the bill sparked
[9]speculation about whether California could apply under the GDPR
for adequacy. While California has not yet expressed an intention to
apply, the state has a [10]history of forging its own path in the
absence of federal action. And notably, industry stakeholders at the
CCPA public forums [11]requested that the potential CCPA regulations
contain a safe harbor provision for GDPR-compliant businesses. In
addition, legislation [12]introduced this year to amend the CCPA to
more closely align with the GDPR framework-coupled with last year's
[13]stalled efforts to create a California data protection
agency-indicates that some state legislators may have a broader
vision of the relationship between the two privacy regimes.

But could a single state secure a GDPR adequacy determination even
though the United States has not obtained a full adequacy decision?
This post considers whether California could apply (based on the
factors considered in the recent Japanese adequacy decision) and,
importantly, whether any legal barriers exist under the GDPR.

A fascinating read about CCPA and GDPR. The Japan example is a useful
one but only to a certain point. Andrei Gribakov's article is an
excellent breakdown of the issues and how this might play out.
__________________________________________________________________

My original entry is here: [14]Road to Adequacy: Can California Apply
Under the GDPR? - Lawfare. It posted Tue, 23 Apr 2019 23:13:42 +0000.
Filed under: business,

References

1. https://www.lawfareblog.com/road-adequacy-can-california-apply-under-gdpr
2. https://ec.europa.eu/commission/index_en
3. http://europa.eu/rapid/press-release_IP-19-421_en.htm
4. https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en
5. https://eeas.europa.eu/diplomatic-network/european-economic-area-eea_en
6. https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375
7. https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375
8. https://www.washingtonpost.com/technology/2018/06/28/california-lawmakers-just-adopted-tough-new-privacy-rules-targeting-facebook-google-other-tech-giants
9. https://iapp.org/news/a/is-california-on-its-way-to-going-for-adequacy/
10. https://www.theguardian.com/environment/climate-consensus-97-per-cent/2018/sep/17/california-plans-to-show-the-world-how-to-meet-the-paris-climate-target
11. https://www.dataprotectionreport.com/2019/01/client-alert-ca-attorney-generals-office-begins-rulemaking-process-with-first-public-hearing-while-us-congress-debates-new-us-federal-privacy-law/
12. https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1760
13. https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB2182
14. https://www.prjorgensen.com/?p=2733