Learn More About Cookie Consent

What is cookie consent?

Cookie consent is the act of consenting to, rejecting, or specifying the use of cookies on a website by its visitors. Some laws — like the ePrivacy directive and GDPR — require you to obtain a user’s consent before using cookies and allow them to choose which ones they want to allow. Other laws — like the CCPA — only require you to give users an easy way to opt out of cookie usage.

What is a cookie consent banner?

A cookie consent banner is how website owners can easily collect cookie consent from users and allow them to manage which cookies they accept. It is typically positioned at the bottom of a page when users first visit a website and displays three buttons:

• Accept Cookies
• Decline Cookies
• Cookie Preferences

Our tool will automatically generate this banner for you and allow you to customize it to match your website.

When do I need to get user consent to use cookies?

You will need to gain cookie consent from users if:

• You fall under the jurisdiction of laws such as the GDPR or ePrivacy Directive — aka the “EU Cookie Law.”
• Your website uses the types of cookies that are not deemed “essential” under these laws.

Our tool allows you to select which regions you service and whether or not you need to comply with these laws.

When is opt-in consent required?

Various data privacy laws provide consumers the right to opt in to data collection and processing.

Opt-in consent requires you to obtain permission from individuals before you collect or use their personal data.

If your users are from these regions, you must offer opt-in consent:

• 🇺🇸 United States, California* — amended California Consumer Privacy Act (CCPA)
• 🇺🇸 United States, Virginia* — Consumer Data Protection Act (CDPA)
• 🇪🇺 European Union (EU) — General Data Protection Regulation (GDPR)
• 🇦🇷 Argentina — Personal Data Protection Act (PDPA)
• 🇧🇷 Brazil — General Data Protection Law (LGPD)
• 🇨🇦 Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)
• 🇨🇱 Chile — the Protection of Private Life (as amended)
• 🇨🇳 China — Personal Information Protection Law (PIPL)
• 🇨🇴 Colombia — the Data Protection Law (Law 1581)
• 🇨🇿 Czech Republic — Amending Certain Acts in Connection with the Adoption of the Act on the Processing of Personal Data (the Amending Act)
• 🇯🇵 Japan* — Act on the Protection of Personal Information (APPI)
• 🇰🇿 Kazakhstan — Law of the Republic of Kazakhstan on Personal Data and Its Protection (the Personal Data Law)
• 🇲🇾 Malaysia — Personal Data Protection Act 2010 (PDPA)
• 🇲🇽 Mexico — the General Law on Protection of Personal Data Held by Mandated Parties (the Public Sector Law)
• 🇲🇦 Morocco — the Protection of Individuals with Regard to the Processing of Personal Data (the Law)
• 🇳🇬 Nigeria — Nigerian Data Protection Regulation (NDPR)
• 🇵🇭 Philippines — Data Privacy Act of 2012 (DPA)
• 🇸🇬 Singapore — Personal Data Protection Act (PDPA)
• 🇿🇦 South Africa — Protection of Personal Information Act (POPIA)
• 🇰🇷 South Korea — Personal Information Protection Act (PIPA)
• 🇹🇼 Taiwan — Personal Data Protection Act (PDPA)
• 🇹🇷 Turkey — Law on Protection of Personal Data No. 6698 (the Data Protection Law)
• 🇬🇧 United Kingdom (UK) — the Data Protection Act (UK GDPR)

*Regional legislation also requires opt-out consent

You can configure Termly’s cookie consent tool to automate the opt-in process and comply with the above laws.

Some of the above regulations outline a few exceptions to the opt-in consent rules, notably:

• Opt-in consent is not required under certain conditions  (Argentina)
• Consent is explicitly required for marketing and advertising cookies (Canada)
• Consent is not required for basic info (Chile)
• Opt-in consent is required explicitly for third-party cookies (Japan)
• Consent is not required for technical purposes (Mexico)
• Opt-in consent is not required for necessary cookies (Turkey)
• Opt-in rights are only required from legal guardians to sell information about minors between ages 13 and 16 (U.S., California consumers)
• Opt-in consent is required before processing sensitive personal data (U.S., Virginia consumers)

When is opt-out consent required?

On the other hand, some data privacy legislation gives consumers the right to opt out of consent in specific situations.

Opt-out consent means you can set cookies and collect personal information from users, but you must give them an easy-to-find and explicit way to opt out.

If your users live in any of these regions, you must offer them an opt-out consent option:

• 🇦🇺 Australia — the Privacy Act of 1988 (The Privacy Act)
• 🇭🇰 Hong Kong — Personal Data Privacy Ordinance (PDPO)
• 🇮🇳 India — The IT Act and SPDI Rules  (Learn more here)
• 🇯🇵 Japan* — Act on the Protection of Personal Information (APPI)
• 🇳🇿 New Zealand — Privacy Act 2020 (the 2020 Privacy Act)
• 🇨🇭 Switzerland — Federal Act on Data Protection (FADP)
• United States, California* — amended California Consumer Privacy Act (CCPA)
• 🇺🇸 United States, Virginia* — Consumer Data Protection Act (CDPA)

*Regional legislation also requires opt-in consent

You can configure Termly’s cookie consent tool to automate the opt-out process and comply with the above laws.

There are a few exceptions to the opt-out consent rule implemented by some of these pieces of legislation above, for example:

• Consent is required if data gets used for a new purpose (Hong Kong)
• Consent is required before you collect sensitive information (India)
• Opt-out consent is explicitly needed for first-party cookies (Japan)
• Opt-out consent is required explicitly for having personal information shared or sold (U.S., California consumers)
• An opt-out option is required for preventing personal data from being used for targeted advertising (U.S., Virginia consumers)

When are both required?

Some data privacy laws require opt-in and opt-out consent depending on the type of data you collect and how you use it:

• 🇯🇵 Japan — Act on the Protection of Personal Information (APPI)
• 🇺🇸 United States, California* — amended California Consumer Privacy Act (CCPA)
• 🇺🇸 United States, Virginia* — Consumer Data Protection Act (CDPA)

For Japanese consumers, you must obtain opt-in consent before putting third-party cookies or trackers on a user’s browser. But you must also give them a way to opt out of the use of first-party cookies.

California consumers have the right to opt out of having their data sold or shared, limit the use of their sensitive personal information, and opt out of automated decision-making and profiling.

Our cookie consent solution provides you with a compliant “Do Not Sell or Share My Personal Information” link.

The opt-in rights in California only apply to minors between the ages of 13 and 16 — you must give legal guardians a way to opt into the sale of a minor’s personal data.

For Virginia consumers, opt-in consent is required before you can legally process any sensitive personal data. Businesses must allow consumers to opt out of having their personal data used for targeted advertising, which is also achievable using our cookie management platform.

How do I implement a cookie consent solution?

Our cookie consent manager makes your life easy by automatically managing the requirements needed for legitimate cookie consent. We handle the following:

• Discovery, categorization, and blocking of cookies
• Creating your cookie notice and policy
• Keeping consent logs

Some people choose to go with a cookie consent plugin for whatever CMS they are using, but our solution is easier to configure and often offers more features.