PRIVACY-AWARE AI ASSISTANT FOR LEGAL COMPLIANCE (GDPR/CCPA)

Abstract

In the digital era, where data has become a highly valuable asset, strong data privacy and cybersecurity regulations are
essential for protecting individual rights and promoting responsible use of technology. This paper provides a detailed
comparative analysis of three major regulatory frameworks: the General Data Protection Regulation (GDPR) of the
European Union, the California Consumer Privacy Act (CCPA) of the United States, and emerging artificial
intelligence (AI) regulations, including the EU AI Act and proposed U.S. federal initiatives. The study begins by
examining the historical and legislative backgrounds that shaped the GDPR and CCPA, outlining their key principles,
scope, enforcement strategies, and impact on both organizations and individuals. The GDPR focuses on
comprehensive data protection rights, strict consent requirements, and global applicability, whereas the CCPA
emphasizes consumer rights such as access to personal data, deletion, and the option to restrict data sales, offering a
more business-oriented approach. The analysis then shifts to the rapidly evolving field of AI regulation. As AI systems
increasingly influence decision-making in critical sectors such as healthcare, finance, and criminal justice, there is a
growing need for proactive governance. The paper explores the EU AI Act, which categorizes AI systems based on
risk levels and enforces requirements related to transparency, accountability, and human oversight. It also reviews
U.S. initiatives, including the proposed AI Bill of Rights and legislative efforts aimed at addressing algorithmic bias
and automated decision-making. Through this comparative perspective, the study identifies key similarities and
differences among these regulatory frameworks, particularly in areas such as data subject rights, compliance
requirements, enforcement mechanisms, and the regulation of emerging technologies like AI. It further discusses the
challenges of aligning global data protection laws, balancing innovation with ethical responsibility, and managing
enforcement inconsistencies across jurisdictions. Finally, the paper emphasizes the need for adaptive and forwardlooking
regulatory frameworks that not only safeguard privacy and strengthen cybersecurity but also encourage
responsible AI development. It concludes by offering policy recommendations aimed at achieving regulatory
alignment and enhancing international cooperation in the governance of data and artificial intelligence systems.