What is cookie compliance?
In the USA, different states have different regulations for cookie compliance. The California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, was the first data privacy law in the US. Virginia is the second US state to regulate cookie compliance. The Virginia Consumer Data Protection Act (VCDPA) was signed on March 2, 2021, and will go into effect on January 1, 2023. The US state privacy legislation tracker shows that as of 2022, besides California’s CCPA and Virginia's VCDPA, there are the Colorado Privacy Act, which will take effect on July 1, 2023, and the Utah Consumer Privacy Act, which will go into effect on December 31, 2023. Other states' data privacy laws are at different stages of the legislative process and are expected to take effect in the near future.
There are also other privacy laws regulating Cookie Consent compliance, such as the Brazilian General Data Protection Law (LGPD), Thailand’s Personal Data Protection Act (PDPA), South Africa’s Protection of Personal Information Act (POPIA), and others.
GDPR Cookie Compliance
GDPR cookie compliance protects the following website users' rights:
- The right to be informed.
- The right to data access.
- The right to data rectification.
- The right to data deletion.
- The right to restrict the processing of data.
- The right to data portability.
- The right to object.
- The rights regarding automated decision-making and profiling.
GDPR cookie compliance ensures that user privacy and anonymity are respected by regulating the collection and processing of users' personal data.
How to achieve GDPR cookie compliance?
Businesses have the following obligations under the GDPR:
- Inform users about the types of cookies used and their purposes.
- Provide easy Cookie Consent withdrawal at any time.
- Record all user Cookie Consents.
- Permit access to content regardless of Cookie Consent.
Who has to comply with GDPR?
It is important to note that the GDPR takes the protection of personal data seriously. This is not a recommendation; it's an obligation. The GDPR and ePrivacy Directive apply to all businesses inside the EU, UK, Norway, Iceland, Liechtenstein, and Switzerland. The GDPR applies to all businesses in the EU that collect users' personal data. It also applies to businesses outside the EU that either:
- Offer goods or services to customers in the EU.
- Collect the personal data of anyone in the EU.
If your company meets any of those criteria, you need to follow the guidelines for EU cookie compliance regardless of where the company is located. Companies that do not follow cookie compliance are punished with fines. The biggest fine so far was imposed on Amazon: the €746 million fine was related to non-compliance with Cookie Consent. The website was attempting to force users to “agree” to cookies by default, and opting out of cookies was made difficult.
CCPA Cookie Compliance
The California Consumer Privacy Act (CCPA) is a privacy regulation that took effect on January 1, 2020. CCPA gives California consumers the right to know what information is being collected on them and how their data is being used.
CCPA cookie compliance protects the following California consumers' rights:
- Right to know. California consumers must be informed about the use of website cookies.
- Right to delete. California consumers must have the right to request deletion of their personal data.
- Right to opt-out. Businesses should include a link to their Cookie Banner that allows website users to accept or reject cookies. The consent should be specific, freely given, informed, and unambiguous.
- Right to withdraw. California consumers can withdraw their consent for specific cookies at any time.
- Do not sell personal information. If your business sells consumers' personal information, you must disclose this fact, state to whom you are selling it, and get consent from a user to sell it.
- Be mindful of consumers' age. The CCPA ensures extended protection for consumers under the age of 16.
The CCPA will be significantly expanded by the California Privacy Rights Act (CPRA), which will go into effect on January 1, 2023. CPRA cookie compliance expands the rights of California consumers as follows:
- Right to correction. California consumers can request correction of their personal data held by a business if that data is inaccurate.
- Right to opt-out of automated decision-making technology. California consumers can request to opt out of the use of automated decision-making technology in connection with decisions related to the economic situation, health, personal preferences, interests, behavior, geo-location, racial or ethnic origin, religious or philosophical beliefs, etc.
- Right to access information about automated decision-making. California consumers can request access to information about how the automated decision-making processes are performed and access to a description of the likely outcome based on that process.
- Right to opt-out of sharing sensitive personal information. California consumers may restrict the use and disclosure of sensitive personal information for certain secondary purposes to third parties for cross-context behavioral advertising, which essentially refers to interest-based advertising.
- Right to opt-out of certain uses and disclosures of sensitive personal information. Sensitive personal information could refer to the following information: consumer’s account log-in details; financial account, debit card, or credit card number in combination with a security or access code, password, or credentials; social security number, driver’s license, state ID card, or passport number; precise geo-location; racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s email and text messages unless the business is the intended recipient of the communications; genetic data and biometric data; health, sex life or sexual orientation.
- Rights for children. A company must obtain implied opt-in consent before selling or sharing the personal information of a consumer under 16.
- Right to data portability. California consumers can request businesses to transmit their personal information or a part of it to another company.
Cookie Compliance Solutions
The cookie compliance requirements under different privacy laws aren’t identical, so businesses need to adjust their cookie practices to comply with them. Websites should use different cookie banners with different settings depending on location.
CookieScript Consent Management Platform provides a reliable and easy-to-use cookie compliance solution, which ensures your business' cookie compliance with Europe's GDPR/ePR, California's CCPA/CPRA, Brazil's LGPD, and other major privacy laws.
CookieScript offers the cookie compliance solution for your business with the following functions:
- Provides geo-targeting. Different Cookie Banners and privacy notices will be delivered to website users based on their geographic locations. Cookie banners will not conflict with each other and the proper script will be taken for each location.
- Provides a fully customizable GDPR and CCPA Cookie Banner. You can personalize colors, fonts, text and style.
- Provides one of the most configurable Cookie Banners on the market, which can be adjusted to your website's design.
- Scans your website for cookies and tracking pixels.
- Categorizes and adds descriptions to your cookies.
- Maintains a full history of user consent (as required by privacy laws).
- Allows users to withdraw consent at any time.
- Provides a cookie declaration that includes Cookie Provider and third-party information.
Cookie Compliance Checker
To achieve cookie compliance, you must know what cookies your website sets on users’ devices. There are several ways to identify cookies on your website:
- First, you can check for cookies manually using your web browser settings.
- Second, you can use a Cookie Scanner to see the cookies your website uses.
CookieScript Cookie Scanner is a professional cookie compliance checker, which scans your website and provides a detailed cookie declaration report with automatically categorized cookies, including Third-Party Cookies. Our Cookie Scanner has a pre-built database of cookies, which on average covers 80% of your website cookies.
CookieScript cookie compliance checker is free and has the following characteristics:
- No email is required.
- Pre-built database of cookies.
- Automatic detection of special cookies.
- Monthly updates.
- Scans individual pages.
- Free and fast scanning.
Cookie Compliance Plugin
Any business must ensure cookie compliance to avoid fines for violating privacy laws and to earn customers' trust regarding personal data management. Since GDPR cookie compliance and CCPA cookie compliance have some differences, businesses could use cookie compliance plugins to comply with the privacy laws of the countries where they provide services.
The CookieScript Consent Management Platform is one of the best plugins available to get your website both GDPR and CCPA compliant. The primary feature of this Cookie Consent plugin is to enable a Cookie Banner that is both GDPR and CCPA compliant on your website. With the help of geo-targeting, different Cookie Banners will be delivered to website users based on their geographic locations.
The CookieScript cookie consent tool was tested and approved by 200,000+ websites.
The CookieScript cookie compliance plugin could be used for integration with many systems. See the step-by-step guides on the following cookie compliance plugin integrations:
- Cookie compliance integration for WordPress and WooCommerce
- Cookie compliance integration for Shopify
- Cookie compliance integration for wix.com
- Cookie compliance integration for PrestaShop 1.7
- Cookie compliance integration for Joomla
- Cookie compliance integration for Drupal 8
- Cookie compliance integration for Magento
- Cookie compliance integration for OpenCart
- Cookie compliance integration for SquareSpace
- Cookie compliance integration for Weebly
- Cookie compliance integration for Shopware
Frequently Asked Questions
What is cookie compliance?
What is GDPR cookie compliance?
What is CCPA cookie compliance?
Is my website cookie compliant?
You can find out if your website is cookie compliant with the help of the professional and free CookieScript cookie compliance checker. CookieScript Cookie Scanner has a pre-built database of cookies, which on average covers 80% of your website cookies, substantially more than a simple cookie compliance checker would usually cover.
Do I need cookie compliance in the US?
In the US, different states have different regulations for cookie compliance. The California CCPA took effect on January 1, 2020. The Virginia VCDPA will go into effect on January 1, 2023. Other states' data privacy laws are at different stages of the legislative process and are expected to take effect in the near future.
Who is responsible for cookie compliance?
The EU Cookie Law states that a website owner is responsible for first-party cookies. It does not require that you list cookies one by one, only that you state the type, usage, and purpose of cookies. If you use Third-Party Cookies, both you and the third party are responsible for cookie compliance.
What are cookie compliance solutions?
There are many cookie consent management platforms that provide cookie compliance solutions. CookieScript Consent Management Platform provides a reliable and easy-to-use cookie compliance solution, which uses geo-targeting to ensure your business' cookie compliance with Europe's GDPR/ePR, California's CCPA/CPRA, Brazil's LGPD, and other major privacy laws.