California Recognized By Dubai International Financial Centre Due to Data Protection Law and Regulations

The Dubai International Financial Centre (DIFC) today issued an adequacy determination establishing the California Consumer Privacy Act of 2018 (CCPA)’s equivalence with the DIFC’s Data Protection Law.

The CCPA is the first comprehensive commercial privacy law in the United States, giving California consumers the right to access, delete, and stop the sale of their personal information. In 2020, California voters approved Proposition 24, the California Privacy Rights Act, which amended and expanded the CCPA, and created the California Privacy Protection Agency as the first independent data protection authority in the United States.

“We're pleased to be recognized by DIFC,” stated Ashkan Soltani, Executive Director of the California Privacy Protection Agency. “California is set to become the world's 4th largest economy and is the de-facto leader in privacy in the U.S. This decision further demonstrates the incredible potential created by having strong consumer protections which facilitate responsible trade and innovation.”

DIFC is a leading global financial center in the Middle East, Africa, and South Asia region. It has declared adequacy with a number of entities including EU countries, the UK, Canada, Singapore, and Korea. Today’s decision facilitates personal data transfers between DIFC and California-based entities that are in accordance with the DIFC’s Data Protection Law. It is also the first time that DIFC has granted this status to a state within the U.S.

The CPPA is a member of several international bodies focused on privacy, including the Global Privacy Assembly (GPA), the Asia Pacific Privacy Authorities (APPA), and the Global Privacy Enforcement Network (GPEN).

Contact: press@cppa.ca.gov