The Dubai International Financial Centre announced the California Consumer Privacy Act (CCPA) passes muster, allowing compliant California businesses to be the first permitted to transfer data with the DIFC without additional contractual measures.
The adequacy decision falls in line with the DIFC’s commitment to strengthen its knowledge of cross-border enforcement best practices regarding data protection, it said in a press release Wednesday. The DIFC serves as a financial hub for companies operating throughout the Middle East, Africa, and Southeast Asia.
The DIFC praised enhancements to the protections under the CCPA approved as part of the California Privacy Rights Act.
“The amended CCPA gives consumers control and protection over personal data collected by businesses with built-in methods for confining data collection and processing to what is fair and lawful, and necessary, in adherence with global data protection standards,” the DIFC said.
Jacques Visser, DIFC commissioner of data protection, said in the release that after evaluating the CCPA, “[I]t became clear … California importers will treat personal data from DIFC ethically and fairly.”
Ashkan Soltani, executive director of the California Privacy Protection Agency, which enforces the CCPA, added the decision “further demonstrates the incredible potential created by having strong consumer protections that facilitate responsible trade and innovation.”
The DIFC said the decision sets “a first-time precedent for building similar relationships with various U.S. states.” More than 10 U.S. states have passed comprehensive data privacy laws, including Texas in June.
The European Commission in July adopted a new framework to allow for compliant EU-U.S. data transfers, but views on whether it will survive legal challenges remain mixed.
No comments yet