Privacy laws

The Delaware Personal Data Privacy Act (DPDPA) is a data privacy law which was signed into law and comes into effect on January 1, 2025. Find out the details.

The EU proposed a new Financial Data Access framework, that is opening up data across financial services. Read more to prepare for it.

Iowa Consumer Data Protection Act will take effect on January 1, 2025. Get ready for it now.

Florida Digital Bill of Rights (FDBR) became effective on July 1, 2024. Read this blog article to learn if it applies to your business and how to comply with it.

The Artificial Intelligence Act (AI Act) is a new EU law regulating the usage of AI. The AI Act will go into effect on 1 August 2024. Read more to get ready for it!

The Texas Data Privacy and Security Act (TDPSA) was signed in 2023 and comes into effect on July 1, 2024. Read the blog to get ready for it.

Tennessee Information Protection Act (TIPA) was signed into law on May 11, 2023, and will take force on July 1, 2025. Read this blog to get ready for it!

The Digital Markets Act (DMA) is an important data privacy law regulating the operations of digital platforms in the EU. Read the blog to find out more details.

In South Korea, the Personal Information Protection Act (PIPA) came into effect in 2011 and underwent an amendment on September 15, 2023. Read more about what are the key principles and what are business obligations.

On 10 July 2023, the European Commission adopted its decision on the revised EU – US Data Privacy Framework, which entered into force immediately. Read about its impact on companies.

On September 22, 2022, the first phase of Quebec’s Privacy Law 25 came into effect. Additional requirements will come into effect in 2023 and then in 2024. Find out more.

In September 2023, a new data privacy law in Switzerland will take effect. Switzerland’s Federal Act on Data Protection (FADP) will go into force, replacing the outdated 1992 Act.

If your business is registered in Australia or you have customers in Australia, you must comply with Australia's Privacy Act of 1988. Read the article about it.

The “Do Not Sell My Personal Information” page is one of CCPA’s principal requirements. Read the guide on when to use it, where to place it, and how to use it correctly.

Utah Consumer Privacy Act was passed and will go into effect on December 31, 2023. It is considered the most business-friendly data privacy act in the US.

Connecticut’s new data privacy law will go into effect on July 1, 2023.  Read more about it and the privacy law requirements.

Saudi Arabia's Personal Data Protection Law will go into effect on March 17, 2023. Learn more about it and how to prepare for your website's cookie compliance.

Legitimate interest s a legal basis for processing personal data under the GDPR. However, it could be a confusing concept, and website owners are often unsure how to implement it correctly.

The UK Data Protection Act 2018 is the UK’s implementation of the EU General Data Protection Regulation. Read this DPA 2018 checklist to comply with the law.

After Brexit, the Data Protection Act 2018 is the UK’s implementation of the GDPR. Find out more about the DPA 2018 and how it’s different from the EU GDPR.

On 27 September 2022, Michigan Senators introduced Senate Bill 1182, which would create the Michigan Personal Data Privacy Act. Read more about it.

On July 14, 2022, the Danish DPA imposed a ban on the use of Google Workspace in Helsingør municipality in Denmark. This is the first time when such a decision regarding the Google Workspace for Education compliance with the GDPR was issued.

The Digital Services Act (DSA) will take effect starting 1 January 2024, and will try to limit the spread of illegal content online. It is expected that the DSA will set new rules for a more safe online environment, especially Big Tech.

Denmark’s DPA Datatilsynet announced that Google Analytics is not compliant with the EU General Data Protection Regulation due to the data transfer between the EU and the USA. Read more about it.

The Privacy and Electronic Communications Regulations (PECR) is a law in the United Kingdom, which sits alongside the Data Protection Act and the UK GDPR and provides people privacy rights in relation to electronic communications.

Colorado is the third US state to pass consumers’ privacy legislation. The Colorado Privacy Act was signed into law on July 8th, 2021, and will go into effect on July 1, 2023. Read more details to prepare for compliance.

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. The California Privacy Rights Act (CPRA), which amends the CCPA and includes additional privacy protections for consumers, will take effect on January 1, 2023, and applies to information collected on or after January 1, 2022.

The EU – US Privacy Shield Framework was a legal framework for regulating personal data transfer between the Eu and the US to comply with data protection requirements. However, the European Court of Justice announced that the EU – US Privacy Shield became invalid on 16 July 2020.

The Virginia Consumer Data Protection Act (VCDPA) was signed on March 2, 2021, making Virginia the second state after California to officially instrument comprehensive consumer privacy legislation. The VCDPA will go into effect on January 1, 2023.

2022 brings changes to the cookie guidelines in Italy. Approved in July 2021, the new cookie guidelines have been introduced on January 9, 2022. Published by the Italian Supervisory Authority, the new set of rules will make a big impact on cookies in Italy.

The UK’s Information Commissioner’s Office (ICO) upholds data and information rights for the public within the United Kingdom. The ICO’s role is to both promote openness within the public bodies and to uphold data privacy for individuals.

Nevada’s privacy law, Senate Bill 220, went into effect in October of 2019 and protects the internet privacy rights of the citizens of the state. Any organization that processes data related to the state’s citizens needs to follow the guidelines set forth by the legislation.

The French Data Protection Authority (the CNIL) published an updated version of their cookie guidelines in the fall of 2020. The document covered recommendations for obtaining user consent to store or read non-essential cookies and similar technologies on their devices.

In 2019, the Data Protection Commission (DPC) of Ireland collected information from a swath of popular websites to document their use and deployment of cookies and tracking tools. Their goal was to determine whether or not the organizations were in compliance with existing cookie and tracking tool guidelines.

First passed in 2019, Thailand’s Personal Data Protection Act (PDPA) will finally come into full effect on June 1st, 2022. The PDPA is structured entirely around the idea of end-user consent, which means that websites must obtain express and explicit consent from their users before cookies or tracking tools can be activated. 

The South African population recently gained rights over their personal information. Enforcement of South Africa’s Protection of Personal Information Act (POPIA) began on July 1, 2021, and the law was modeled closely after the European Union’s GDPR. It’s been a long-time coming, as variations of this law have been in the works for almost 20 years.

The Turkish Personal Data Protection Law No. 6698, also known as the KVKK, came onto the books in April of 2016, shortly before the European Union’s GDPR. Both laws were tailored to their region’s court systems and maintain similar objectives.

First enacted in 2001, the Personal Information Protection and Electronic Documents Act (PIPEDA) served as an important first step in safeguarding the privacy rights of Canadians. Two decades on, this cornerstone legislation is now seen as having ”more bark than bite.” That may all change in 2021.

Now that Britain has exited the European Union, website owners are wondering how Brexit will affect the way they handle cookie consents from website visitors in the EU and UK.

Following a series of delays, Brazil's LGPD is now in effect. President Jair Bolsonaro issued a provisional measure that would have postponed the effective date of the LGPD until May 3, 2021. In an unexpected move, the Senate rejected the president’s provisional measure. 

While Europe's replacement for 2002's “Cookie Directive” has yet to pass through the European Parliament, it’s only a matter of time before the ePR (ePrivacy Regulation) becomes law. So, what does this legislation and Cookie Consent mean for your business? 

Starting January 1st, 2020, businesses transacting with California residents need to ensure their data collection practices comply with the California Consumer Privacy Act (CCPA). CookieScript has put together this helpful guide that will answer everything you need to know about the CCPA, CCPA meaning, and how it will impact your business.

In Europe, years of preparation and speculation came to a head, when the General Data Protection Regulation (GDPR) became law in May of 2018. It’s now been on the books for a few years. GDPR replaced outdated data protection regulation that was nearly 20 years old. 

On the 3rd of June 2014, Italian Data Protection Authority (DPA) has published official instructions for websites on how users should be informed about cookie usage. In this article, you will find a summary of those instructions and a checklist to make sure your website is compliant with Italian Cookie Law.