Which data privacy laws apply to my business?
Cookie Compliance now equips your website with a fully configurable Privacy Experience that provides a beautiful, multi-level experience and includes new choices and controls for site visitors to better understand and engage in data privacy decisions.
The Privacy Experience is the first consent solution to incorporate the latest guidelines from over 100+ countries, as well as emerging standards from leading international organizations like the IEEE and World Economic Forum.
Overview of Data Protection Laws
Moderate regulations like those found in Australia (Australian Privacy Principles), China (Cybersecurity Law, Consumer Protection Law and E-Commerce Law), and Japan (Act on the Protection of Personal Information), provide the lowest levels of choice, control and context. In these Moderate jurisdictions, there is no requirement to capture user consent prior to collecting their data, no guidelines for how to provide users with control over their data, and limited requirements for the types of information that must be accessible to users.
Robust regulations like those found in California, USA (CCPA, soon to be replaced by the California Consumer Privacy Rights Act), Canada (PIPEDA, soon to be replaced by the Consumer Privacy Protection Act), and South Korea (Personal Information Protection Act) provide some level of choice, control and context. In these Robust jurisdictions, there are defined requirements to capture consent using an opt-out process, there are some guidelines for how users can opt-out, and there are established information requirements that must be provided to users during the consent process.
Heavy regulations like those found in the European Union (GDPR, soon to be updated by the ePrivacy Regulation), the United Kingdom (EU-GDPR and the Privacy and Electronic Communications Regulation), and India (Personal Data Protection Bill, soon to be enacted into law), provide the highest level of choice, control, and context. In these Heavy jurisdictions, there are defined requirements to capture consent using an opt-in process, there are established guidelines for how users can opt-in, and there are significant information requirements that must be provided to users during the consent process.
If your business is located in the European Union (EU), or your website is visited by people located in the EU, then your business is likely subject to GDPR.
If your business is located in the State of California (US), or your website is visited by people who may be residents of California, then your business is likely subject to CCPA.
If your website generates revenue from selling ad space, or from selling products and services to customers from multiple geographies, then your business is likely subject to both GDPR and CCPA.