List of Laws that Impact Consent Banners

Get a FREE Consent Banner
List-of-Laws-that-Impact-Consent-Banners-01

Over 120 countries around the world are protected by consumer data privacy laws, and many of them impact if and how your business uses a consent banner.

Below, I list all laws that outline requirements or rules that impact cookie consent banners and provide information about why this little pop up helps protect your site in big ways.

Table of Contents
  1. List of Laws That Impact Consent Banners
  2. Do Websites Need Consent Banners?
  3. How Termly Helps Businesses with Consent Management
  4. Summary

Nearly every corner of the globe is protected by privacy laws that require consent banners.

Don’t believe me? Here’s my massive list of active data privacy laws that impact if and when a website needs to use a consent banner, including which region the law protects:

  1. Albania: Albanian Law on Personal Data Protection
  2. Angola: Angola Data Protection Law
  3. Argentina: Argentina Personal Data Protection Act (PDPA)
  4. Australia: Australia Privacy Act
  5. Brazil: Brazil General Data Protection Law (LGPD)
  6. California (U.S.): California Consumer Privacy Act (CCPA)
  7. California (U.S.): California Privacy Rights Act (CPRA)
  8. Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
  9. Chile: Chile Personal Data Protection Law
  10. China: China Personal Information Protection Law (PIPL)
  11. Colombia: Colombia Data Protection Law (Law 1581 of 2012)
  12. Colorado (U.S.): Colorado Privacy Act (CPA)
  13. Connecticut (U.S.): Connecticut Data Privacy Act (CTDPA)
  14. Costa Rica: Costa Rica Law for the Protection of Individuals Regarding the Processing of Personal Data
  15. Egypt: Egypt Personal Data Protection Law (Law No. 151 of 2020)
  16. EU/EEA: European General Data Protection Regulation (GDPR)
  17. Hong Kong: Hong Kong Personal (Data) Ordinance (PDPO)
  18. India: India Personal Data Protection Act (PDPB)
  19. Indonesia: Indonesia Personal Data Protection Law
  20. Israel: Israel Protection of Privacy Law (PPL)
  21. Japan: Japan Act on the Protection of Personal Information (APPI)
  22. Kenya: Kenya Data Protection Act
  23. Mexico: Mexico Federal Law on the Protection of Personal Data Held by Private Parties
  24. Montana (U.S.): Montana Consumer Data Privacy Act (MCDPA)
  25. Nevada (U.S.): Nevada Privacy Law (SB220)
  26. New Zealand: New Zealand Privacy Act
  27. Nigeria: Nigeria Data Protection Regulation (NDPR)
  28. Philippines: Philippines Data Privacy Act (DPA)
  29. Russia: Russia Federal Law on Personal Data
  30. Saudi Arabia: Saudi Arabia Personal Data Protection Law
  31. Singapore: Singapore Personal Data Protection Act (PDPA)
  32. South Africa: South Africa Protection of Personal Information Act (POPIA)
  33. South Korea: South Korea Personal Information Protection Act (PIPA)
  34. Switzerland: Switzerland Federal Act on Data Protection (FADP)
  35. Taiwan: Taiwan Personal Data Protection Act
  36. Texas (U.S.): Texas Data Privacy and Security Act (TDPSA)
  37. Thailand: Thailand Personal Data Protection Act (PDPA)
  38. Tunisia: Tunisia Organic Law on the Protection of Personal Data
  39. Turkey: Turkey Personal Data Protection Law (KVKK)
  40. Uganda: Uganda Data Protection and Privacy Act
  41. UAE: United Arab Emirates Personal Data Protection Law
  42. United Kingdom: United Kingdom Data Protection Act 2018
  43. U.S. (federal law): United States Children’s Online Privacy Protection Act (COPPA)
  44. Utah (U.S.): Utah Consumer Privacy Act (UCPA)
  45. Virginia (U.S.): Virginia Consumer Data Protection Act (VCDPA)
  46. Zambia: Zambia Data Protection Bill

While this list features 46 laws, it includes regulations like the GDPR, which applies to all 27 EU member states and additional countries that are part of the EEA.

U.S. state laws, on the other hand, are individually listed because they only apply to people in those regions and have different guidelines and requirements.

How Do These Laws Impact Consent Banners

While these 46 laws are unique, they all require one of the following regarding consent management for businesses:

  • Opt-in consent: Laws like the GDPR require you to obtain active, affirmative opt-in consent to collect and process personal data.
  • Opt-out consent: Laws like the TDPSA require you to provide ways for users to opt out of certain types of data processing, like selling data.
  • Both: Laws like the CCPA require you to obtain opt-in consent for processing sensitive information, and gives users the right to opt out of targeted advertising.

A reputable consent banner should have regional settings available so you can configure it to appear to users in specific areas based on applicable opt-in or opt-out requirements.

For example, Termly’s consent banner is configurable to meet requirements in over 80 regions around the world.

Do These Privacy Laws Apply to Your Business?

You can tell if a privacy law applies to your business by answering the following questions and then comparing your answers to the different legal thresholds of relevant laws:

  • Where are you located? Many laws apply to businesses based in specific regions, like the GDPR, which covers any entity in the EU or EEA.
  • Where do your users come from? Certain laws apply to you if you have users from specific regions and collect their data, like the GDPR.
  • How much data do you collect annually? Some laws have data collection threshold limits, like the CCPA, which applies if you collect data from more than 100,000 users.
  • What is your annual revenue? Privacy laws sometimes apply if you earn a certain amount in a calendar year, like the CCPA.
  • Do you make money from selling personal data? Some laws apply if you earn more than 25% of annual revenue from selling or sharing data, like the CCPA and VCDPA.

Once you’ve answered all these questions, it’ll be much easier to review the different laws and verify if they apply to your business and consumers.

It’s important to ensure you comply with all privacy laws affecting your business. Otherwise, you risk facing the following penalties for noncompliance:

  • Large fines
  • The cessation of data collection and processing
  • Damage to brand reputation
  • Loss of customer trust
  • Civil lawsuits
  • Possible jail time

Your website should have a consent banner for two crucial reasons:

  • Legal compliance
  • Build customer trust

I’ve already presented you with a list of 47 laws that impact your use of a consent banner and explained the different penalties for noncompliance, so I expect not much more explanation is needed for number one.

As for building customer trust, presenting your users with a consent banner allows them to read about your privacy practices.

Doing this lets them make more informed choices, and your consumers will feel reassured that you’re honest about what data you collect from them and what you want to do with it.

A recent Termly survey shows that 78.1% of businesses felt no negative impact from privacy requirements.

When asked what impact cookie consent banners had on their business, 89.2% said it had a positive or no noticeable impact.

Building trust is necessary for customer loyalty and growth, and presenting users with a consent banner is an easy, legally compliant way to foster this relationship.

Termly offers a Consent Management Platform configurable to comply with the opt-in and opt-out requirements outlined by every law I listed in this guide.

Our CMP provides regional consent settings, so users are presented with a compliant consent banner based on location.

It’s easy to use and customizable, and it even features multi-language support so your users are presented with a consent banner in their native language.

Summary

Cookie consent banners are required by several different privacy laws from around the world, but they also show consumers that you are a privacy-literate website.

Consent banners give users a chance to make an informed choice regarding how you collect, process, and use their personal information.

Add one to your website to show your users you respect their data privacy and take legal compliance seriously.

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources

Enter Your Website URL

In order to help you create a cookie solution that is GDPR and Cookie Law compliant, we must first scan your website for cookies.