Privacy laws

Colorado is the third US state to pass consumers’ privacy legislation. The Colorado Privacy Act was signed into law on July 8th, 2021, and will go into effect on July 1, 2023. Read more details to prepare for compliance.

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. The California Privacy Rights Act (CPRA), which amends the CCPA and includes additional privacy protections for consumers, will take effect on January 1, 2023, and applies to information collected on or after January 1, 2022.

The EU – US Privacy Shield Framework was a legal framework for regulating personal data transfer between the Eu and the US to comply with data protection requirements. However, the European Court of Justice announced that the EU – US Privacy Shield became invalid on 16 July 2020.

The Virginia Consumer Data Protection Act (VCDPA) was signed on March 2, 2021, making Virginia the second state after California to officially instrument comprehensive consumer privacy legislation. The VCDPA will go into effect on January 1, 2023.

2022 brings changes to the cookie guidelines in Italy. Approved in July 2021, the new cookie guidelines have been introduced on January 9, 2022. Published by the Italian Supervisory Authority, the new set of rules will make a big impact on cookies in Italy.

The UK’s Information Commissioner’s Office (ICO) upholds data and information rights for the public within the United Kingdom. The ICO’s role is to both promote openness within the public bodies and to uphold data privacy for individuals.

Nevada’s privacy law, Senate Bill 220, went into effect in October of 2019 and protects the internet privacy rights of the citizens of the state. Any organization that processes data related to the state’s citizens needs to follow the guidelines set forth by the legislation.

The French Data Protection Authority (the CNIL) published an updated version of their cookie guidelines in the fall of 2020. The document covered recommendations for obtaining user consent to store or read non-essential cookies and similar technologies on their devices.

In 2019, the Data Protection Commission (DPC) of Ireland collected information from a swath of popular websites to document their use and deployment of cookies and tracking tools. Their goal was to determine whether or not the organizations were in compliance with existing cookie and tracking tool guidelines.

First passed in 2019, Thailand’s Personal Data Protection Act (PDPA) will finally come into full effect on June 1st, 2022. The PDPA is structured entirely around the idea of end-user consent, which means that websites must obtain express and explicit consent from their users before cookies or tracking tools can be activated. 

The South African population recently gained rights over their personal information. Enforcement of South Africa’s Protection of Personal Information Act (POPIA) began on July 1, 2021, and the law was modeled closely after the European Union’s GDPR. It’s been a long-time coming, as variations of this law have been in the works for almost 20 years.

The Turkish Personal Data Protection Law No. 6698, also known as the KVKK, came onto the books in April of 2016, shortly before the European Union’s GDPR. Both laws were tailored to their region’s court systems and maintain similar objectives.

First enacted in 2001, the Personal Information Protection and Electronic Documents Act (PIPEDA) served as an important first step in safeguarding the privacy rights of Canadians. Two decades on, this cornerstone legislation is now seen as having ”more bark than bite.” That may all change in 2021.

Now that Britain has exited the European Union, website owners are wondering how Brexit will affect the way they handle cookie consents from website visitors in the EU and UK.

Following a series of delays, Brazil's LGPD is now in effect. President Jair Bolsonaro issued a provisional measure that would have postponed the effective date of the LGPD until May 3, 2021. In an unexpected move, the Senate rejected the president’s provisional measure. 

While Europe's replacement for 2002's “Cookie Directive” has yet to pass through the European Parliament, it’s only a matter of time before the ePR (ePrivacy Regulation) becomes law. So, what does this legislation and Cookie Consent mean for your business? 

Starting January 1st, 2020, businesses transacting with California residents need to ensure their data collection practices comply with the California Consumer Privacy Act (CCPA). CookieScript has put together this helpful guide that will answer everything you need to know about the CCPA and how it will impact your business.

In Europe, years of preparation and speculation came to a head, when the General Data Protection Regulation (GDPR) became law in May of 2018. It’s now been on the books for a few years. GDPR replaced outdated data protection regulation that was nearly 20 years old. 

On the 3rd of June 2014, Italian Data Protection Authority (DPA) has published official instructions for websites on how users should be informed about cookie usage. In this article, you will find a summary of those instructions and a checklist to make sure your website is compliant with Italian Cookie Law.