Protection for ‘Inferences Drawn’: A Comparison Between the General Data Protection Regulation and the California Consumer Privacy Act

Abstract

Inferences drawn from personal data have arguably become more dangerous to individual privacy than the vast collection and storage of the data itself. Recently there have been questions raised about whether the General Data Protection Regulation (GDPR) has sufficient protection for these inferences. Probably not surprisingly, and learning from this possible shortcoming, the California Consumer Privacy Act (CCPA) specifically includes ‘inferences drawn’ as part of its definition of personal information. This article explores the widespread use of inferential data and compares the protection provided under the GDPR and the CCPA for such inferences. privacy, data protection, inferences drawn, GDPR, CCPA