Privacy regulations overview

This document provides an overview of the different privacy regulations supported by Adobe Experience Cloud.

Through the use of Adobe Experience Platform Privacy Service, Experience Cloud supports access and delete requests based on the following regulations:

Regulation Description
APA (Australia) The Australia Privacy Act (Privacy Act) promotes and protects individuals’ privacy and regulates how Australian Government agencies and organization handle personal information. The Privacy Act includes principles that apply to private sector organizations. For example, individuals are afforded the right to understand why the personal information is being collected and how it will be used, the ability to access, erase their data, and correct personal information.
CCPA (California) The California Consumer Privacy Act (CCPA) enhances privacy rights and consumer protection for residents of California, United States. The CCPA provides new data privacy rights to California residents, including the right to access and delete their personal data, to know whether their personal data is sold or disclosed (and to whom), and the right to opt out of having their data sold to third parties.
CPRA (California) The California Consumer Privacy Rights Act (CPRA) expands and amends portions of the California Consumer Privacy Act (CCPA). The CPRA establishes a new baseline for consumer data privacy in California by increasing consumer rights and expanding the type of data covered through a broader definition of sensitive personal information. In addition, the CPRA established the California Privacy Protection Agency, a new agency dedicated to implementing and enforcing data privacy rules.
GDPR (European Union) The General Data Protection Regulation (GDPR) introduced several new data privacy rights for members of the European Economic Area (EEA), including the Right to Access and the Right to be Forgotten. This means that any person living in the EEA whose personal data has been collected by your business can request to access or delete their data at any time.

The United Kingdom (post-Brexit) has its own version of the regulation, UK-GDPR, which provides its citizens with the same rights as the EEA version.
HIPAA (United States of America) The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law created to improve healthcare efficiency, improve health insurance portability, and to protect the privacy of patients and health plan members. Under HIPAA, individuals have the right to access and amend their information and obtain copies of their medical records or health information. Covered entities and business associates of covered entities must follow the HIPAA regulations.
LGPD (Brazil) The Lei Geral de Proteção de Dados (LGPD) aims to regulate the treatment of personal data of all individuals or natural persons in Brazil. The LGPD gives Brazil citizens the rights to access and delete their personal data, to know whether their personal data is sold or disclosed (and to whom), and the right to opt out of having their data sold to third parties.
New Zealand Privacy Act The New Zealand Privacy Act controls how agencies can collect, use, disclose, store, and give access to the personal information of New Zealand citizens and organizations. In 2020, the latest version of the act introduced significant updates to these privacy laws, including new offenses, increasing fines, mandatory notifications for data breaches, and increasing the powers of the Privacy Commissioner.
PDPA (Thailand) The Personal Data Protection Act (PDPA) was introduced to safeguard Thai data owners from the illegal collection, use, or disclosure of their personal data. Inspired by the European Union’s GDPR, the regulation grants Thai citizens the right to request access to, or the deletion of, their stored personal data.
VCDPA (Virginia) The Virginia Consumer Data Protection Act (VCDPA) provides new data privacy rights to Virginia residents (“Consumers”) including the right to access, delete, and correct personal data. Consumers also have the right to opt out of the sale of personal data, opt out of profiling based on personal data, and processing of personal advertising purposes.

Next steps

For more information on supported regulations, refer to the following documents:

To learn how to support customer access and delete requests for data stored on your Experience Cloud applications, refer to the guide on Privacy Service and Experience Cloud applications.

On this page