Privacy laws

In 2025, the California Privacy Rights Act (CPRA) is increasing the pressure on businesses to be more mindful of user data—especially regarding cookies and trackers. It's no longer enough to have a banner; if your site collects more data than it needs or holds onto it for too long, you're taking a risk.

What is the German Accessibility Improvement Act (BFSG), who has to comply with the BFSG, and how to comply with it? Read to find out.

What is India's Digital personal data Protection Act (DPDPA) and how to comply with it? What are the diffferences between DPDPA and the EU's GDPR? Learn what this law means for businesses and Indian individuals.

What is the Argentina‘s personal data Protection Law (PDPL)? Who does Argentina’s PDPL apply to, and how to comply with the law? Read this blog article to find out.

Learn about the New Zealand Privacy Act 2020 and its compliance requirements, 13 Privacy Principles, and how to protect Personal Information.

The Consent Management Ordinance should come into force on April 1, 2025. Its aim is to limit the use of cookie banners, but experts already expect it to fail. Read this article to learn why.

What is Singapore’s personal data Protection Act (PDPA), who does it apply to, and how to comply with the PDPA? Read this article to find out.

The Maryland Online Data Privacy Act comes into effect on October 1, 2025. Read this blog to learn how to comply with the MODPA and get ready for the law now!

The New Jersey Data Privacy Act comes into effect on January 16, 2025. Read this blog to learn if it applies to your business and how to comply with it.

Oregon Consumer Privacy Act, or Senate Bill 619, came into effect on July 1, 2024. Read what rights it provides for consumers and what duties it imposes upon businesses. 

The New Hampshire Data Privacy Law takes effect on January 1, 2025. Learn more about the law and how to prepare for it.

Read the top 10 data privacy trends and tendencies you need to understand in data privacy in 2025. Get ready now to navigate compliance and seize new strategic opportunities.

Montana Consumer Data Privacy Act became effective on October 1, 2024. Read this blog article to learn if it applies to your business and how to comply with it.

The Delaware personal data Privacy Act (DPDPA) is a data privacy law which was signed into law and comes into effect on January 1, 2025. Find out the details.

The EU proposed a new Financial Data Access framework, that is opening up data across financial services. Read more to prepare for it.

Iowa Consumer Data Protection Act will take effect on January 1, 2025. Get ready for it now.

Florida Digital Bill of Rights (FDBR) became effective on July 1, 2024. Read this blog article to learn if it applies to your business and how to comply with it.

The Artificial Intelligence Act (AI Act) is a new EU law regulating the usage of AI. The AI Act will go into effect on 1 August 2024. Read more to get ready for it!

The Texas Data Privacy and Security Act (TDPSA) was signed in 2023 and comes into effect on July 1, 2024. Read the blog to get ready for it.

Tennessee Information Protection Act (TIPA) was signed into law on May 11, 2023, and will take force on July 1, 2025. Read this blog to get ready for it!

From generative AI impact on everyday businesses and privacy-enhancing computation techniques to automotive industry privacy restart: what data privacy trends are going to be in 2024? Read this blog to find out.

The Digital Markets Act (DMA) is an important data privacy law regulating the operations of digital platforms in the EU. Read the blog to find out more details.

If ChatGPT can perform various tasks, including writing texts, can it write your website’s Privacy Policy too? Read this article to find out the ability of AI to write a Privacy Policy for a website and evaluate the quality of such a Privacy Policy.

In Germany, besides the GDPR, Cookie Consent is regulated by TTDSG and DSK guidelines. In this article, we will explore the Cookie Consent requirements and how to ensure compliance with German privacy laws.

The majority of gaming publishers still do not comply with the privacy laws. However, the situation is rapidly changing due to users concerned about their data privacy and new requirements of publishing platforms.

Article 25 of the GDPR requires the Privacy by Design approach to data protection. Read the article to find out what Privacy by Design means, why it is important for the GDPR, and how to implement it.

In South Korea, the Personal Information Protection Act (PIPA) came into effect in 2011 and underwent an amendment on September 15, 2023. Read more about what are the key principles and what are business obligations.

On 10 July 2023, the European Commission adopted its decision on the revised EU – US Data Privacy Framework, which entered into force immediately. Read about its impact on companies.

On September 22, 2022, the first phase of Quebec’s Privacy Law 25 came into effect. Additional requirements will come into effect in 2023 and then in 2024. Find out more.

In September 2023, a new data privacy law in Switzerland will take effect. Switzerland’s Federal Act on Data Protection (FADP) will go into force, replacing the outdated 1992 Act.

If your business is registered in Australia or you have customers in Australia, you must comply with Australia's Privacy Act of 1988. Read the article about it.

What is data privacy management? Read this article to learn more about why to implement a data privacy management system and how to do it correctly.

Does your iOS app need a Privacy Policy? What are Apple's Privacy Policy requirements for iOS apps? How to create a Privacy Policy for your iOS App? Read this blog to find out the answers.

This proliferation of apps has raised privacy concerns about users’ personal data. Governments around the world have implemented privacy laws. In this article, we will cover the privacy laws and legal requirements for apps.

The United States doesn’t have a single comprehensive federal law that covers the privacy of all types of data. Different US states have privacy laws in different legislative stages. Find out more.

The “Do Not Sell My Personal Information” page is one of CCPA’s principal requirements. Read the guide on when to use it, where to place it, and how to use it correctly.

Utah Consumer Privacy Act was passed and will go into effect on December 31, 2023. It is considered the most business-friendly data privacy act in the US.

Connecticut’s new data privacy law will go into effect on July 1, 2023.  Read more about it and the privacy law requirements.

Saudi Arabia's personal data Protection Law will go into effect on March 17, 2023. Learn more about it and how to prepare for your website's cookie compliance.

The GDPR in the EU, the CCPA in the US, and other privacy laws regulate how website owners must obtain and store Cookie Consent from website users. Read more about cookie control and how to manage cookies.

legitimate interest s a legal basis for processing personal data under the GDPR. However, it could be a confusing concept, and website owners are often unsure how to implement it correctly.

New Data Privacy Regulations are evolving, companies are investing heavily in privacy technologies, and users are becoming more aware of their rights regarding personal data... Find out the top data privacy trends in 2023.

The UK Data Protection Act 2018 is the UK’s implementation of the EU General Data Protection Regulation. Read this DPA 2018 checklist to comply with the law.

After Brexit, the Data Protection Act 2018 is the UK’s implementation of the GDPR. Find out more about the DPA 2018 and how it’s different from the EU GDPR.

On 27 September 2022, Michigan Senators introduced Senate Bill 1182, which would create the Michigan personal data Privacy Act. Read more about it.

On July 20, 2022, Google introduced new requirements for Google Play Store apps concerning Privacy Policy and disclosure. Find out more.

On July 14, 2022, the Danish DPA imposed a ban on the use of Google Workspace in Helsingør municipality in Denmark. This is the first time when such a decision regarding the Google Workspace for Education compliance with the GDPR was issued.

The Digital Services Act (DSA) will take effect starting 1 January 2024, and will try to limit the spread of illegal content online. It is expected that the DSA will set new rules for a more safe online environment, especially Big Tech.

Denmark’s DPA Datatilsynet announced that Google Analytics is not compliant with the EU General Data Protection Regulation due to the data transfer between the EU and the USA. Read more about it.

The Privacy and Electronic Communications Regulations (PECR) is a law in the United Kingdom, which sits alongside the Data Protection Act and the UK GDPR and provides people privacy rights in relation to electronic communications.

Colorado is the third US state to pass consumers’ privacy legislation. The Colorado Privacy Act was signed into law on July 8th, 2021, and will go into effect on July 1, 2023. Read more details to prepare for compliance.

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. The California Privacy Rights Act (CPRA), which amends the CCPA and includes additional privacy protections for consumers, will take effect on January 1, 2023, and applies to information collected on or after January 1, 2022.

Almost all websites use cookies to store information in website users' browsers. As cookies collect such personal data and people are concerned about their privacy, the use of cookies on a website is strictly regulated in the EU and other countries. Read more to know about cookie law compliance.

The EU – US Privacy Shield Framework was a legal framework for regulating personal data transfer between the Eu and the US to comply with data protection requirements. However, the European Court of Justice announced that the EU – US Privacy Shield became invalid on 16 July 2020.

The Virginia Consumer Data Protection Act (VCDPA) was signed on March 2, 2021, making Virginia the second state after California to officially instrument comprehensive consumer privacy legislation. The VCDPA will go into effect on January 1, 2023.

Google services, such as AdSense, Firebase, and Analytics, could be integrated into your website for analytical, advertising, or marketing purposes, but you must comply with Google EU consent policy if you want to use these services. In this article, we will look at how to comply with privacy laws.

2022 brings changes to the cookie guidelines in Italy. Approved in July 2021, the new cookie guidelines have been introduced on January 9, 2022. Published by the Italian Supervisory Authority, the new set of rules will make a big impact on cookies in Italy.

With data protection rules constantly changing and being updated, it’s important to keep a finger on the pulse. Here are the most notable updates and news stories on data protection from around the world.

The UK’s Information Commissioner’s Office (ICO) upholds data and information rights for the public within the United Kingdom. The ICO’s role is to both promote openness within the public bodies and to uphold data privacy for individuals.

Nevada’s privacy law, Senate Bill 220, went into effect in October of 2019 and protects the internet privacy rights of the citizens of the state. Any organization that processes data related to the state’s citizens needs to follow the guidelines set forth by the legislation.

The French Data Protection Authority (the CNIL) published an updated version of their cookie guidelines in the fall of 2020. The document covered recommendations for obtaining user consent to store or read non-essential cookies and similar technologies on their devices.

In 2019, the Data Protection Commission (DPC) of Ireland collected information from a swath of popular websites to document their use and deployment of cookies and tracking tools. Their goal was to determine whether or not the organizations were in compliance with existing cookie and tracking tool guidelines.

First passed in 2019, Thailand’s personal data Protection Act (PDPA) will finally come into full effect on June 1st, 2022. The PDPA is structured entirely around the idea of end-user consent, which means that websites must obtain express and explicit consent from their users before cookies or tracking tools can be activated. 

The South African population recently gained rights over their Personal Information. Enforcement of South Africa’s Protection of Personal Information Act (POPIA) began on July 1, 2021, and the law was modeled closely after the European Union’s GDPR. It’s been a long-time coming, as variations of this law have been in the works for almost 20 years.

CookieScript is a registered Consent Management Platform at IAB. We offer full integration with the latest version of IAB Transparency and Consent Framework (TCF) 2.2. 

The Turkish personal data Protection Law No. 6698, also known as the KVKK, came onto the books in April of 2016, shortly before the European Union’s GDPR. Both laws were tailored to their region’s court systems and maintain similar objectives.

First enacted in 2001, the Personal Information Protection and Electronic Documents Act (PIPEDA) served as an important first step in safeguarding the privacy rights of Canadians. Two decades on, this cornerstone legislation is now seen as having ”more bark than bite.” That may all change in 2021.

Now that Britain has exited the European Union, website owners are wondering how Brexit will affect the way they handle cookie consents from website visitors in the EU and UK.

Following a series of delays, Brazil's LGPD is now in effect. President Jair Bolsonaro issued a provisional measure that would have postponed the effective date of the LGPD until May 3, 2021. In an unexpected move, the Senate rejected the president’s provisional measure. 

While Europe's replacement for 2002's “Cookie Directive” has yet to pass through the European Parliament, it’s only a matter of time before the ePR (eprivacy Regulation) becomes law. So, what does this legislation and Cookie Consent mean for your business? 

Starting January 1st, 2020, businesses transacting with California residents need to ensure their data collection practices comply with the California Consumer Privacy Act (CCPA). CookieScript has put together this helpful guide that will answer everything you need to know about the CCPA, CCPA meaning, and how it will impact your business.

In Europe, years of preparation and speculation came to a head, when the General Data Protection Regulation (GDPR) became law in May of 2018. It’s now been on the books for a few years. GDPR replaced outdated data protection regulation that was nearly 20 years old. 

On the 3rd of June 2014, Italian Data Protection Authority (DPA) has published official instructions for websites on how users should be informed about cookie usage. In this article, you will find a summary of those instructions and a checklist to make sure your website is compliant with Italian cookie law.