The DIFC Commissioner of Data Protection has issued a first-of-its-kind adequacy decision on the California Consumer Privacy Act 2018.

The California Consumer Privacy Act 2018 was amended by the California Privacy Rights Act 2020 which came into force on 1 January 2023. The adequacy decision establishes a determination of the amended law’s equivalence to the DIFC Data Protection Law, DIFC Law No. 5/2020.

It facilitates personal data transfers between DIFC and California-based entities in accordance with DIFC Law No. 5/2020, without having to apply additional contractual measures. It also sets a first-time precedent for building similar relationships with various other US states.

The California Privacy Protection Agency (CPPA) has been recognised as an international organisation ensuring adequate data protection for purposes of personal data processed and transferred by the entities that it supervises.

The amended law provides consumers control and protection over personal data collected by businesses with built-in methods for confining data collection and processing what is fair and lawful, and necessary, in adherence with global data protection standards as well as the Commissioner’s objectives in administering DIFC Law No. 5/2020.

To view more news items and other content we have available, visit lexis.ae/demo to book a demo and start your free trial of Lexis® Middle East.

Want to learn more about Lexis® Middle East? Visit, https://www.lexis.ae/lexis-middle-east-law/.