What laws are covered by Cookie Compliance?
Cookie Compliance is designed to help organizations meet the requirements of various global privacy regulations that govern the use of cookies and tracking technologies on websites and apps. Below are the key privacy laws currently supported by Cookie Compliance, along with a brief description of each and where it applies.
1. GDPR (General Data Protection Regulation)
Applies to: European Union (EU) and European Economic Area (EEA), including organizations outside the EU that process data of EU/EEA residents.
The GDPR is a comprehensive data protection law that regulates the processing of personal data. It requires organizations to obtain informed, prior consent before placing non-essential cookies (such as tracking or advertising cookies) on a user's device. Cookie Compliance supports granular consent and consent logs to ensure GDPR readiness.
2. CCPA / CPRA (California Consumer Privacy Act / California Privacy Rights Act)
Applies to: California, United States
The CCPA, enhanced by the CPRA, grants California residents rights over their personal information, including the right to opt out of the “sale” or “sharing” of personal data. Cookie Compliance helps businesses provide a “Do Not Sell or Share My Personal Information” link and honor opt-out signals, such as the Global Privacy Control (GPC).
3. Other U.S. State Privacy Laws
Applies to: Various U.S. states including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and others.
An increasing number of U.S. states are implementing their own privacy laws, often modeled after CCPA/CPRA but with some variations. Cookie Compliance can be configured to meet state-specific requirements, including opt-out mechanisms.
4. UK PECR (Privacy and Electronic Communications Regulations)
Applies to: United Kingdom
PECR governs the use of cookies and similar technologies in the UK. It requires user consent before setting most cookies, similar to the GDPR. Cookie Compliance provides consent banners and cookie preference management that comply with PECR and align with UK Information Commissioner’s Office (ICO) guidance.
5. LGPD (Lei Geral de Proteção de Dados Pessoais)
Applies to: Brazil
Brazil’s LGPD requires transparency and lawful grounds for processing personal data, including data collected via cookies. Cookie Compliance enables Brazilian site visitors to provide or deny consent for tracking, fulfilling the notice and consent obligations of the LGPD.
6. PIPEDA (Personal Information Protection and Electronic Documents Act)
Applies to: Canada
PIPEDA requires organizations to obtain meaningful consent for the collection, use, and disclosure of personal information. Cookie Compliance provides tools for presenting clear consent notice and recording user preferences in compliance with Canadian standards.
7. POPIA (Protection of Personal Information Act)
Applies to: South Africa
POPIA governs how personal information is processed and includes provisions around data collection via cookies. Consent must be obtained before using cookies for non-essential purposes. Cookie Compliance offers customizable consent banner and tracking controls aligned with POPIA’s requirements.
Cookie Compliance continuously updates its features to stay aligned with evolving privacy regulations. By using region-based compliance settings, organizations can tailor their cookie notices and user rights tools to meet the requirements of each jurisdiction.
If you have further questions or need help configuring your settings, please contact our support team.