Which Laws Does Termly Cover?

By: Etienne Cussol CIPP/E, CIPM Etienne Cussol CIPP/E, CIPM | Updated on: June 7, 2024

Try Termly For Free!
Which-Law-Does-Termly-Cover-01

When we call ourselves your all-in-one compliance solution, we mean it.

Our legal team and data privacy experts created our Policy Generators and Consent Management Platform to help small to medium-sized businesses around the globe comply with legislation like the:

And that’s just the tip of the iceberg.

In just a few clicks, you can configure our Consent Management Platform to follow regulations in over 80 regions.

Read on to learn about every data privacy law, regulation, and piece of legislation that Termly covers.

Table of Contents
  1. What Services Does Termly Offer?
  2. Which Laws Does Termly Cover?
  3. How Do We Stay Up To Date With New Laws?
  4. How Often Do We Update Our Services?
  5. Summary

What Services Does Termly Offer?

We provide customizable and personalized legal agreements, website policies, and other documents necessary for businesses to operate safely and legally online.

Our main expertise is in privacy compliance, but we also offer recommended documents like terms and conditions, return policies, and shipping policies to help improve your internal procedures and streamline customer services.

The table below shows a complete list of our current offerings.

Policy Generators Free Templates Consent Management
Privacy Policy Generator Privacy Policy Template Consent Management Platform
Terms and Conditions Generator Terms and Conditions Template Cookie Banners
Cookie Policy Generator Cookie Policy Template Cookie Scanner
End-user License Agreement Generator End-use License Agreement Template Cookie Consent Manager
Disclaimer Generator Disclaimer Template Data Subject Access Request (DSAR) Forms
Shipping Policy Generator Shipping Policy Template
Return Policy Generator Return Policy Template
Acceptable Use Policy Generator Acceptable Use Policy Template
Data Processing Agreement Generator* Data Processing Agreement Template*

*Coming soon

Despite how common most of these documents are, they’re still challenging to make and take up a lot of precious time, resources, and energy — especially if you fall under the jurisdiction of different data privacy or consumer protection laws.

To remove those burdens from your plate, we created easy-to-use, accessible, and legally compliant tools and policy generators so you can make effective policies quickly and affordably.

Which Laws Does Termly Cover?

Our privacy policy generator covers the following 26 data privacy laws and regulations:

  • General Data Protection Regulation (GDPR)
  • UK GDPR
  • ePrivacy Directive (EU Cookie Law)
  • Amended California Consumer Privacy Act (CCPA)
  • California Online Privacy Protection Act (CalOPPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Personal Data Privacy and Online Monitoring Act (CTDPA)
  • Delaware Personal Data Privacy Act (DPDPA)
  • Florida Digital Bill of Rights (FDBR)
  • Indiana Consumer Data Protection Act (Indiana CDPA)
  • Iowa Consumer Data Protection Act (Iowa CDPA)
  • Kentucky Consumer Data Protection Act (KCDPA)
  • Montana Consumer Data Privacy Act (MCDPA)
  • New Hampshire Data Privacy Law (NHDPL)
  • New Jersey Data Privacy Act (NJDPA)
  • Oregon Consumer Privacy Act (OCPA)
  • Tennessee Information Protection Act (TIPA)
  • Texas Data Privacy and Security Act (TDPSA)
  • Virginia Consumer Data Protection Act (CDPA)
  • Utah Consumer Privacy Act (UCPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Quebec’s Law 25
  • Revised Switzerland Federal Act on Data Protection (FADP)
  • Australia Privacy Act 1988
  • New Zealand Privacy Act 2020
  • South Africa’s Protection of Personal Information Act (POPIA)

You can configure our consent management solution to comply with regulations in these regions:

  • United States
  • European Union
  • Argentina
  • Australia
  • Brazil
  • Canada
  • Chile
  • China
  • Colombia
  • Czech Republic
  • Hong Kong
  • India
  • Japan
  • Kazakhstan
  • Malaysia
  • Mexico
  • Morocco
  • New Zealand
  • Nigeria
  • Philippines
  • Singapore
  • South Africa
  • South Korea
  • Switzerland
  • Taiwan
  • Turkey
  • United Kingdom

Both of these lists constantly evolve because we update our compliance solutions whenever laws change or if new ones come into force — we mention a few regulations and developments we’re already preparing for later in this article.

Not Legally Required

Agreements like your terms and conditions, return policy, and shipping policy technically aren’t required by any pieces of legislation. But using them is a best practice that helps protect your company and creates a better overall user experience for your consumers.

We built our tools to help you comply with consumer protection laws enforced by groups like the:

  • Federal Trade Commission (FTC) —  US
  • Competition and Markets Authority (CMP) — UK 

Policy Generators

In the next sections, we briefly summarize how some of the laws mentioned above apply to our policy generators.

General Data Protection Regulation (GDPR)

Where It Applies

The GDPR originates from the European Union (EU) and protects the rights of citizens in the EU and the European Economic Area (EEA), but it has an extraterritorial scope and covers businesses outside of traditional territorial boundaries.

What It Effects

What the GDPR Effects Requirements Termly’s Solutions
Privacy Policy You’re obligated to inform consumers about:

  • What personal data you collect
  • How it’s collected
  • Your legal basis for each category of data
  • How long the data is stored
  • Who it’s shared with or sold to
Privacy Policy Generator and Privacy Policy Template
Consent Management You must obtain explicit, active, and informed opt-in consent from consumers before any personal data collection begins and give them a way to opt out just as easily. Consent Management Platform
Cookie Policy Cookies and other trackers qualify as personal information under the GDPR. Cookie Policy Generator and Cookie Policy Template
End-user License Agreements (EULA) If you sell software, put a privacy clause in your EULA with a link to your privacy policy to adequately inform consumers about your privacy practices EULA Generator and EULA Template
Data Processing Agreements (DPA) If you rely on a third party to process data, you must create contracts following explicit legal guidelines outlined by the GDPR, which can be achieved using a DPA. Termly solutions coming soon!
Data Subject Access Request (DSAR) form Use a DSAR form to allow your data subjects to follow through on their right to request access, amend, correct, or delete their personal information. Free DSAR form for all Termly users
Terms and Conditions Agreement You must inform consumers about your privacy practices, which should be outlined in a privacy clause in your terms, and include a live link to your privacy policy. Terms and Conditions Generator and Terms and Conditions Template

Who It Effects

GDPR applies to any organization that collects, processes, or stores the personal data of individuals located in the European Union, Island, Norway, Lichtenstein or Switzerland(EU), regardless of where the organization is located. This includes businesses, non-profits, and government agencies, whether they are based within or outside the EU.

Additionally, data processors that handle personal data on behalf of organizations that are subject to GDPR must also comply with its regulations

Effective Date

Approved in 2016, in force since May 25, 2018

Description 

Known as the world’s strictest data privacy regulation, the GDPR has a global impact and requires businesses that collect personal information from EU and EEA users to:

  • Establish lawfull basis for data processing before any data collection beings
  • Give users a way to opt-out of consent at any time
  • Provide a means for users to follow through on their rights to amend, correct, access, or delete their personal information
  • Inform consumers about data collection practices using a GDPR-compliant privacy policy
  • Create contacts or DPAs with any third party entities that have access to user data

ePrivacy Directive (EU Cookie Law)

Where It Applies

The EU Cookie Law Originates from the EU and protects the rights of EU citizens. Because this is a directive, it requires Member States to achieve specific results without explicitly saying how, allowing each location to attain the goals in unique ways.

What It Effects

What the ePrivacy Directive Effects Requirements Termly’s Solutions
Privacy Policy You must include details about your use of cookies or other trackers in your privacy policy because they qualify as personal information. Privacy Policy Generator and Privacy Policy Template
Consent Management Businesses under this directive must obtain consent from consumers before placing cookies or other trackers on their browsers. Consent Management Platform
Cookie Policy Consumers have the right to be informed, so you must provide an accurate cookie policy. Cookie Policy Generator and Cookie Policy Template
End-user License Agreements (EULA) If you sell software, include a cookie clause in your EULA with a live link to your cookie policy to avoid fines for noncompliance. EULA Generator and EULA Template
Terms and Conditions Agreement It’s a best practice to add a cookie clause to your terms with a live link to your cookie policy to avoid noncompliance under this regulation. Terms and Conditions Generator and Terms and Conditions Template

Who It Effects

Any website with visitors from the EU that uses cookies or other tracking technology falls under the EU Cookie Law.

Effective Date

May 2011

Description

The ePrivacy Directive provides provisions on how entities can process personal data and requires businesses to protect the information.

Additionally, the directive outlines guidance on:

  • Network and service security
  • Keeping communications confidential
  • Access to personal data
  • Processing traffic and location data
  • Spam or unsolicited communications
  • Caller identification
  • Public directories
  • Notification of data breaches
  • Electronic tags and trackers, like cookies or other technology

Data Protection Act of 2018 (UK GDPR)

Where It Applies

The UK GDPR originates in the United Kingdom and protects the rights of UK citizens, but it has an extraterritorial scope and covers entities beyond traditional territorial boundaries.

What It Effects

What the UK GDPR Effects Requirements Termly’s Solutions
Privacy Policy You must inform users about:

  • What personal data you collect
  • How it’s collected
  • The legal basis for each category of data
  • How long you store the data for
  • Who it’s shared with or sold to
Privacy Policy Generator and Privacy Policy Template
Consent Management You must obtain explicit, active, and informed opt-in consent from consumers before any personal data collection begins and give them a way to opt out just as easily. Consent Management Platform
Cookie Policy Cookies and other trackers qualify as personal information under the UK GDPR. Cookie Policy Generator and Cookie Policy Template
End-user License Agreements (EULA) If you sell software, put a privacy clause in your EULA with a link to your privacy policy to inform consumers about your privacy practices. EULA Generator and EULA Template
Data Processing Agreements (DPA) If you rely on a third party to process data, you must create contracts following explicit legal guidelines outlined by the UK GDPR, which can be achieved using a DPA. Termly solutions coming soon!
Data Subject Access Request (DSAR) form Use a DSAR form to allow your data subjects to follow through on their right to request access, amend, correct, or delete their personal information. Free DSAR form for all Termly users
Terms and Conditions Agreement To keep users informed about your privacy practices, put a privacy clause in your terms and include a live link to your privacy policy. Terms and Conditions Generator and Terms and Conditions Template

Who It Effects

Any organization offering goods or services to UK citizens who process their personal data falls under the jurisdiction of the UK GDPR.

Effective Date

January 1, 2021

Description

The UK GDPR essentially mirrors the EU GDPR, but it accounts for domestic areas of UK law.

According to the Information Commissioner’s Office (ICO), the UK version of the regulation incorporated all provisions of the EU GDPR, so the data privacy requirements are the same.

Amended California Consumer Privacy Act (CCPA)

Where It Applies:

The CCPA protects the rights of Californian citizens in the United States but has an extraterritorial scope.

In January 2023, the California Privacy Rights Act (CPRA) officially amended portions of the CCPA. All changes are currently in force.

What It Effects:

What the amended CCPA Effects Requirements Termly’s Solutions
Privacy Policy You’re obligated to inform consumers:

  • That you collect personal information
  • What personal information you collect
  • Who it’s shared with or sold to
  • Why you collect the information
Privacy Policy Generator and Privacy Policy Template
Consent Management You must provide consumers with a way to opt out of data collection using visible privacy settings. Consent Management Platform
Cookie Policy Cookies qualify as personal information, and consumers have the right to know which ones your site uses. Cookie Policy Generator and Cookie Policy Template
End-user License Agreements (EULA) If you sell software, it’s a best practice to include a California-specific privacy clause in your EULA and link to your privacy policy. EULA Generator and EULA Template
Data Processing Agreements (DPA) If any third-party entities process your consumers’ data, you must create specific contacts or DPAs with them that follow the guidelines outlined by this law. Termly solutions coming soon!
Data Subject Access Request (DSAR) form Use a DSAR form to give your users a way to act on their privacy rights, like requesting to access or delete their personal information. Free DSAR form for all Termly users
Terms and Conditions Agreement It’s a best practice to add a California-specific privacy clause in your terms and include a live link to your privacy policy. Terms and Conditions Generator and Terms and Conditions Template

Who It Effects

The CCPA as amended applies to any for-profit entity doing business in California that meets any one of the following thresholds:

  • Earned $25 million in gross annual revenue as of January 1 from the previous calendar year
  • Annually buys, sells, or shares the personal information of 100,000 or more California consumers or households
  • Derived 50% or more of your gross annual revenue from the selling or sharing of personal information

Effective Date

Originally enacted on January 1, 2020, the CPRA amendments went into force on January 1, 2023

Description

The amended CCPA obligates businesses to inform consumers that personal data is collected and provide a way for them to opt out of the collection using visible privacy settings.

You must also implement the following links on your website or app, which are available through our consent management tools:

California Online Privacy Protection Act (CalOPPA)

Where It Applies

CalOPPA protects the rights of California citizens in the US but has an extraterritorial scope.

What It Effects

What CalOPPA Effects Requirements Termly’s Solutions
Privacy Policy You must inform users about:

  • The effective date of the policy
  • The types of personal information you collect
  • How you’ll share updates to the policy
  • How they can request to review or delete their information
  • If you share the data with third parties
  • If ‘Do-Not-Track’ requests are honored or not
Privacy Policy Generator and Privacy Policy Template

Who It Effects

This law applies to any website with visitors from California.

Effective Date

July 1, 2004

Description

CalOPPA requires websites to post compliant privacy policies and impacts how they’re presented, phrased, and implemented. They must be easy to find, navigate through, and read.

The Colorado Privacy Act (CPA)

Where It Applies

The CPA applies to residents of the state of Colorado acting in an individual or household context.

It excludes anyone in the state for business or work, including job candidates and beneficiaries of someone acting in a commercial or employment context.

What It Effects

What CPA Effects Requirements Termly’s Solutions
Privacy Policy You’re obligated to disclose to consumers:

  • The categories of personal data you collect
  • The purpose for the data collection
  • How and where consumers can exercise their rights
  • The categories of personal data shared with third parties
  • The categories of third parties the data gets shared with
  • If you sell personal data or use it for targeted advertising
Privacy Policy Generator and Privacy Policy Template
Consent Management You must provide users with a way to opt out of the sale of their personal information and targeted advertising. Consent Management Platform
Cookie Policy If you use cookies for targeted advertising or the sale of personal data, you must disclose this in your cookie policy and describe how consumers can follow through on their opt out rights. Cookie Policy Generator and Cookie Policy Template
End-user License Agreement (EULA) If you sell software, it’s a best practice under the CPA to create a EULA and link it to your privacy policy. EULA Generator and EULA Template
Data Processing Agreement (DPA) Data controllers and processors must both sign a contract or DPA that meets specific guidelines outlined by the law. Termly Solutions Coming Soon!
Data Subject Access Request Form (DSAR) Consumers have the right to request to access, delete, or correct the data you collect on them, and providing a DSAR form is one way to meet these legal obligations. Free DSAR form for all Termly users
Terms and Conditions It’s a best practice to include a link to your privacy policy in your Terms and Conditions agreement. Terms and Conditions Generator and Terms and Conditions Template

Who It Effects

Businesses must comply with the CPA if they conduct business in the state or sell products or services to Colorado residents and meet one or more of the following:

  • Processes or controls the personal data of  more than 100,000 consumers in a year
  • Derives revenue or receives discounts from the sale of personal data and controls or processes the data of at least 25,000 consumers

Effective Date

July 1, 2023

Description

The CPA acts as Colorado’s comprehensive consumer data privacy law. It protects the personal data of Colorado residents and grants them rights regarding how that data gets collected, processed, and used.

For example, Colorado consumers can opt out of the sale of their data, targeted advertising, and profiling in the furtherance of decisions that produce legal or similarly significant effects.

The Connecticut Personal Data Privacy and Online Monitoring Act (CTDPA)

Where It Applies

The CTDPA originates in the U.S. state of Connecticut and protects the privacy rights of consumers who are residents of the state.

It excludes anyone living in Connecticut in an employment or commercial context.

Who It Effects

Entities that conduct business in Connecticut or who target services or products to residents of the state and who meet either of the following provisions must follow the CTDPA:

  • Processes or controls the personal data of 100,000 or more consumers
  • Processes or controls the personal data of 25,000 or more consumers and earns more than 25% total revenue through the sale of data

However, data processed solely for the purpose of completing a payment transaction is exempt.

What It Effects

What CTDPA Effect Requirements Termly’s Solutions
Privacy Policy Businesses must inform consumers about:

  • The categories of data collected and processed
  • The purpose for processing the data
  • How consumers can act on their privacy rights
  • What type of personal data is shared with third parties
  • The categories of third parties data is shared with
  • How to contact the data controller online
Privacy Policy Generator and Privacy Policy Template
Consent Management The Connecticut law gives consumers opt-out rights regarding targeted advertising and the sale of their data, and you must provide an easy way for them to do so. Consent Management Platform
Cookie Policy If you sell data collected through cookies or use them for targeted advertising, you must explain this in your cookie policy and provide a way for consumers to opt out. Cookie Policy Generator and Cookie Policy Template
End-use License Agreement (EULA) Those selling software to Connecticut residents should create a EULA and include a live link to their privacy policy within it. EULA Generator and EULA Template
Data Processing Agreement (DPA) Controllers and processors must sign contracts or DPAs that meet specific guidelines described by the law. Termly Solutions Coming Soon!
Data Subject Access Request Form (DSAR) Using a DSAR form allows your consumers to easily follow through on their privacy rights to access, correct, or delete their personal data. Free DSAR form for all Termly users
Terms and Conditions To protect your business, it’s a best practice to link your privacy policy within a terms and conditions agreement. Terms and Conditions Generator and Terms and Conditions Template

Effective Date

July 1, 2023

Description

The CTDPA protects the personal data of Connecticut residents and gives them rights over how their personal information gets collected, processed, and used by covered entities.

Consumers can request information about if their data is being processed and can opt out of specific processing activities, like targeted advertising.

It also requires online entities to honor universal opt out preference signals set on consumer browsers by January 1, 2025.

The Virginia Consumer Data Protection Act (CDPA)

Where It Applies

The Virginia CDPA protects the rights of Virginia consumers in the US but has an extraterritorial scope.

What It Effects

What the Virginia CDPA Effects Requirements Termly’s Solutions
Privacy Policy You must provide consumers with a clear, reasonably accessible, and meaningful privacy policy and present and explain all consumer rights in a straightforward manner. Privacy Policy Generator and Privacy Policy Template
Consent Management You’re obligated to provide a manner in which consumers can opt out of the selling of their data to third parties or the processing of personal data for targeted advertising. Consent Management Platform
Cookie Policy Because cookies qualify as personal information under this law, you must provide users with an accurate policy outlining all cookies and trackers your site uses. Cookie Policy Generator and Cookie Policy Template
End-user License Agreements (EULA) If you sell software, you should include a privacy clause in your EULA and put a live link to your privacy policy so users can access the agreement EULA Generator and EULA Template
Data Processing Agreements (DPA) If any third party entities process your users’ data, you must create contacts following guidelines outlined by the CDPA, which is achievable using a DPA. Termly solutions coming soon!
Data Subject Access Request (DSAR) form You must provide users with a clear means for following through on their rights to request to access, correct, or delete their data, which is attainable with DSAR forms. Free DSAR form for all Termly users

Who It Effects

Persons or entities doing business in Virginia or producing products and services targeted to Virginia residents who meet one of the following thresholds fall under this law:

  • Controls or processes the personal data of at least 100,000 consumers
  • Derives 50% of gross revenue from the sale of personal data and controls or processes the personal data of at least 25,000 consumers

Effective Date

January 1, 2023

Description

This Virginia state law is similar to the CCPA and outlines consumer privacy rights and describes business obligations regarding data collection, processing, use, and storage.

Entities under the CDPA must also comply with requirements of proportionality and necessity and establish security safeguards to protect personal information.

Utah Consumer Privacy Act (UCPA)

Where It Applies

Utah’s comprehensive consumer data privacy law protects the personal data of residents of the U.S. state of Utah.

What It Effects

What The UCPA Effects Requirements Termly’s Solutions
Privacy Policy You must inform consumers about:

  • What personal data you process
  • Your purpose for the processing
  • How consumers can act on their rights
  • What types of personal data you share with third parties
  • The types of third parties you share data with
Privacy Policy Generator and Privacy Policy Template
Consent Management Under the UCPA, consumers have the right to opt out of certain types of data processing, including the sale of their data and targeted advertising. Consent Management Platform
Cookie Policy If you use cookies to sell personal data or for targeted advertising, you must inform your users protected by the UCPA and provide them with a way to opt out. Cookie Policy Generator and Cookie Policy Template
End-user License Agreement (EULA) If you sell software, it’s a best practice to include a live link to your privacy policy within your EULA. EULA Generator and EULA Template
Data Processing Agreement (DPA) Data processors and controllers must use contracts, or DPAs, that meet the requirements outlined in the UCPA. Termly solutions coming soon!
Data Subject Access Request (DSAR) Form You must provide your users with a way to follow through on their rights under the UCPA, including the right to request to access or delete their data, and posting a DSAR form can help you meet this legal requirement. Free DSAR form for all Termly users

Who It Affects 

Businesses must comply with the UCPA if they conduct business in the state or target services to Utah residents and meet all of the following thresholds:

  • Has a gross annual revenue of at least $25 million
  • Controls or processes the personal data of at least 100,000 consumers or earns 50% or more revenue from the sale of personal data and controls or processes information from at least 25,000 consumers

Effective Date 

December 31, 2023

Description:

Under the UCPA, businesses must provide consumers with a comprehensive privacy policy and describe how they can opt out of certain types of data processing.

Additionally, data controllers and processors must use specific contracts meeting obligations outlined by Utah’s new law. Both entities must also implement proper security measures to protect consumer data.

Personal Information Protection and Electronic Documents Act (PIPEDA)

Where It Applies

PIPEDA protects the rights of Canadian citizens except for those in:

  • Alberta
  • Columbia
  • Quebec

But it does apply if the organization collecting the data performs federal work or the personal information crosses provincial borders for commercial activity.

It also does not cover citizens from:

  • New Brunswick
  • Newfoundland
  • Labrador
  • Nova Scotia
  • Ontario

This is primarily regarding health data, which is protected by specific provincial health laws in those regions.

The law is ambiguous about its extraterritorial scope. Still, the Federal Court of Canada found it may apply to businesses if there’s a substantial connection between the other party and Canada.

What It Effects

What PIPEDA Effects Requirements Termly’s Solutions
Privacy Policy Using a privacy policy allows you to state the purpose for data collection, which is one of the fair information principles of PIPEDA. Privacy Policy Generator and Privacy Policy Template
Consent Management You must obtain consent from users before any data collection, use, or disclosure of the information occurs. Consent Management Platform
Cookie Policy Cookies qualify as personal information under this law, so you must present users with a clear description of all cookies or trackers your site uses. Cookie Policy Generator and Cookie Policy Template

Who It Effects

Any organization that collects and uses personal information in connection with commercial activities, including selling or sharing donors, membership, or fundraising lists, falls under PIPEDA.

Effective Date

January 1, 2001

Description

While PIPEDA has a more limited scope than other data privacy legislation, businesses under this law must follow the 10 fair information principles:

  1. Accountability: Your business is responsible for the personal information it stores and must appoint someone to ensure your organization’s compliance.
  2. Identifying Purposes: You must state the purposes for data collection before or at the time of data collection.
  3. Consent: You must obtain implicit or explicit consent to collect, use, and share personal information, either opt-in or opt-out depending on the sensitivity of the data collected.
  4. Limiting Collection: You must only collect the necessary amount of information for processing purposes.
  5. Limiting Use, Disclosure, and Retention: You must use personal information only for stated purposes unless you get consent from users for the new purpose.
  6. Accuracy: Your organization must keep personal information accurate, complete, and up-to-date.
  7. Safeguards: You must implement security measures to protect personal data.
  8. Openness: Your business must be transparent about its data handling practices to the public.
  9. Individual Access: You must honor users’ rights in accessing, reviewing, and correcting personal information.
  10. Challenging Compliance: Individuals have the right to challenge an organization’s compliance with the principles and should address inquiries to the person responsible for the organization’s compliance, typically the chief privacy officer.

Quebec’s Law 25

Where It Applies

Quebec’s Law 25 protects the personal information of Quebec residents.

What It Effects

What Quebec’s Law 25 Effects Requirements Termly’s Solutions
Privacy Policy Businesses must publish a confidentiality policy (aka, privacy policy) that is written in clear, straightforward language on their website or app. Privacy Policy Generator and Privacy Policy Template
Consent Management Quebec consumers have opt-in and opt-out rights under this law regarding specific types of data processing that may allow the person to be identified, located, or profiled. Consent Management Platform
Cookie Policy If you use cookies in a way that can track, locate, or identify a resident of Quebec, you must disclose this information in your cookie policy and explain how consumers can control those cookies. Cookie Policy Generator and Cookie Policy Template

Who It Effects

Small to medium-sized businesses that sell goods or offer services in Quebec must follow this law.

Additionally, entities targeting Quebec residents located outside of the province and personal information held by a professional order as defined by the Professional Code (chapter C-26) fall under the legal threshold.

Effective Date

The initial provisions entered into action in September 2022, but several additional provisions became effective as of September 2023.

All final provisions enter into effect September 2024.

Description

Quebec’s Law 25 modernizes the privacy protections in Canada with respect to personal information.

It describes new requirements for businesses, like security considerations to protect personal data, appointing a data protection officer, and performing privacy impact assessments.

Revised Switzerland Federal Act on Data Protection (FADP)

Where It Applies

The FADP protects the personal data of natural persons in Switzerland, regardless of their citizenship status.

What It Effects

What FADP Effects Requirements Termly’s Solutions
Privacy Policy Businesses must  state:

  • Their identity and contact information
  • The contact information of their data protection officer (DPO) or representative
  • The categories of personal data processed
  • The purposes for processing personal data
  •  Any countries outside of Switzerland the data may get transferred to
  • If applicable, the existence of any automatic decision-making
Privacy Policy Generator and Privacy Policy Template
Consent Management Consumers have the right to opt out of certain types of data processing, and businesses must obtain opt-in consent to collect and share sensitive personal data with any third parties. Consent Management Platform

Who It Effects

Entities that process the personal data of individuals within the territorial boundaries of Switzerland must follow the FADP.

Effective Date

September 1, 2023

Description

Recently revised to better align with the GDPR, the FADP is Switzerland’s leading data privacy and protection regulation.

It provides broad data privacy rights for people within the country and outlines obligations for businesses who want to collect and process their data.

Australia’s Data Privacy Act 1988

Where It Applies

The Data Privacy Act of 1988 protects the personal data of people living in the country of Australia.

What It Effects

What The Australia Privacy Act 1988 Effects Requirements Termly’s Solutions
Privacy Policy Covered entities must provide the following information to consumers:

  • The kinds of personal information collected and held
  • How you collect and hold the information
  • The purposes for collecting, holding, and using the information
  • How an individual may access their personal information or seek corrections
  • How an individual may complain about a breach of the principles outlined by the Act
  • If. you disclose the information overseas and if so, to what countries
Privacy Policy Generator and Privacy Policy Template
Consent Management You must obtain opt-in consent from protected individuals to use their data for direct marketing purposes. Additionally, a clear opt-out option must be made available to them. Consent Management Platform

Who It Effects

Your business must follow the Data Privacy Act of 1988 if you’re an Australian government entity or your annual turnover is over $3 million (USD 2 million).

Effective Date

1989

Description

The Australian Privacy Act 1988 is the primary data privacy and protection law in Australia.

Revised in 2014 and 2017, this law outlines 13 privacy principles covered entities must follow and describes rights and controls consumers have over their personal data.

New Zealand’s Data Privacy Act 2020

Where It Applies

The Privacy Act of 2020 protects the personal information of people living in New Zealand.

What It Effects

What The New Zealand Privacy Act 2020 Effects Requirements Termly’s Solutions
Privacy Policy Covered entities must take reasonable steps to ensure individuals know:

  • That the entity collects personal data
  • The legal purposes for the data collection
  • Any intended recipients of the personal data
Privacy Policy Generator and Privacy Policy Template

Who It Effects

Businesses must comply with New Zealand’s Privacy Act 2020 if they collect or store personal data about New Zealand consumers.

Effective Date

December 1, 2020

Description

New Zealand’s Privacy Act 2020 is the leading consumer data protection law in the country.

Similar to Australia’s Privacy Act 1988, it describes 13 core principles entities in the privacy and public sectors must follow in order to legally collect and process personal data.

It also describes the rights and controls New Zealand residents have over their information.

South Africa’s Protection of Personal Information Act (POPIA)

Where It Applies

The Protection of Personal Information Act protects the personal data of people in South Africa.

What It Effects

What POPIA Effects Requirements Termly’s Solutions
Privacy Policy Entities must provide the following details to consumers:

  • The full name of the organization and physical address
  • The categories of personal data collected and processed
  • The source of where the data is collected if not from the individuals themselves
  • The purpose for collecting the data
  • If providing the personal data is voluntary or mandatory
  • Any consequences if the individual does not provide the requested data
  • If you intent to transfer the data outside of South Africa
  • A list of the categories of third parties who might receive the data
  • An explanation of their right to object to the data processing
  • An explanation of their right to lodge a complaint to the Information Regulator
Privacy Policy Generator and Privacy Policy Template
Consent Management Under POPIA, individuals have the right to opt into and out of certain data processing activities, and they must be able to easily change their minds at any time. Consent Management Platform

Who It Effects

Businesses are subject to following POPIA if they’re located in South Africa or if they’re located elsewhere and make use of automated or non-automated processing within the country.

Effective Date

July 2020

Description

POPIA is the primary consumer data protection law in South Africa and is heavily based on the GDPR.

Overall, the law describes nine rights for South African citizens, including the right to access, delete, or correct their information.

Businesses must prove one of eight conditions for lawful processing under POPIA.

FTC’s Guidelines for Ecommerce Businesses

Where It Applies

The FTC is an independent entity that enforces consumer protection and antitrust laws in the United States.

In terms of consumer privacy, the FTC’s scope includes regulating and enforcing compliance with privacy laws and guidelines, investigating and prosecuting companies that engage in unfair or deceptive practices related to data collection, use, and sharing, and providing guidance and education to consumers and businesses about privacy best practices.

What It Effects

What the FTC Effects Requirements Termly’s Solutions
Privacy Policy The FTC recommends that ecommerce businesses use privacy policies. If your business targets children, you must use one under COPPA, an FTC-enforced law. Privacy Policy Generator and Privacy Policy Template
End-user License Agreements (EULA) If you sell software, you may need to include certain disclaimers and clauses due to applicable laws you fall under that the FTC enforces. EULA Generatorand EULA Template
Terms and Conditions Agreement You may need to include certain disclaimers and clauses in your terms due to applicable laws you fall under that may be enforced by the FTC. Terms and Conditions Generator and Terms and Conditions Template
Disclaimers Depending on applicable laws, the FTC may require ecommerce businesses to use DMCA, copyright, fair use, warranty, or affiliate disclaimers, which often go in your terms and conditions. Disclaimer Generator and Disclaimers Template

Who It Effects

The laws the FTC enforces typically impact businesses from around the globe that target US consumers.

Effective Date

The FTC was formed in 1916

Description

The FTC publishes guidelines for businesses in the US to maintain and enforce fair competition and practices, some of which impact your website policies.

For example, the following laws impact clauses, disclosures, or disclaimers that typically belong in a terms and conditions agreement or EULA:

Consent Management

Some laws and regulations impact consent management on your site or app and may require you to provide the following options for your consumers, depending on their rights:

  • Opt-in consent for certain types of personal data collection, processing, and uses
  • Opt-out consent for certain types of personal data collection, processing, and uses

Our Consent Management Platform is configurable to comply with the opt-in and opt-out consent requirements in nearly 80 different regions. Let’s discuss how in the next sections.

How To Configure Our CMP for Opt-In Consent Requirements

Opt-in consent is when a user actively and knowingly agrees to have their data collected or used in specific ways before it happens.

To configure our CMP tools for regions that require opt-in consent for data collection, ensure you do all of the following steps:

  1. Have the consent banner enabled
  2. Turn the Decline button on
  3. Turn the ‘Preference’ button on
  4. Select ‘Opt-in’ 
  5. Turn off the ‘Implied Consent’ option

See a screenshot of these settings below.
Termly-Consent-Management-Platform
You must offer an opt-in consent option if your users come from any of the following regions:

  • United States, Virginia — Consumer Data Protection Act (CDPA)
  • European Union (EU) — General Data Protection Regulation (GDPR)
  • Argentina — Personal Data Protection Act (PDPA)
  • Brazil — General Data Protection Law (LGPD)
  • Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Chile — the Protection of Private Life (as amended)
  • China — Personal Information Protection Law (PIPL)
  • Colombia — the Data Protection Law (Law 1581)
  • Czech Republic — Amending Certain Acts in Connection with the Adoption of the Act on the Processing of Personal Data (the Amending Act)
  • Japan — Act on the Protection of Personal Information (APPI)
  • Kazakhstan — Law of the Republic of Kazakhstan on Personal Data and Its Protection (the Personal Data Law)
  • Malaysia — Personal Data Protection Act 2010 (PDPA)
  • Mexico — the General Law on Protection of Personal Data Held by Mandated Parties (the Public Sector Law)
  • Morocco — the Protection of Individuals with Regard to the Processing of Personal Data (the Law)
  • Nigeria — Nigerian Data Protection Regulation (NDPR)
  • Philippines — Data Privacy Act of 2012 (DPA)
  • Singapore — Personal Data Protection Act (PDPA)
  • South Africa — Protection of Personal Information Act (POPIA)
  • South Korea — Personal Information Protection Act (PIPA)
  • Taiwan — Personal Data Protection Act (PDPA)
  • Turkey — Law on Protection of Personal Data No. 6698 (the Data Protection Law)
  • United Kingdom (UK) — the Data Protection Act (UK GDPR)

How to Configure Our CMP for Opt-Out Consent Requirements

Legally, when opt-out consent is required, you can set cookies and collect personal information but must provide your users with an easy and obvious way to opt-out.

To configure our CMP tools for opt-out consent requirements, follow these steps:

  1. Decide if you want to enable the consent banner or not
  2. If you choose to enable the consent banner, turn the ‘Decline’ button on
  3. Select ‘opt out
  4. Determine if you want to turn on ‘scroll to consent’ or not
  5. Ensure the consent preference center is easy to find on your website so that users can act on their rights

Below, see a screenshot of these opt-out settings.
Termly-Consent-Management-Platform-opt-out-settings
If your users live in any of the following regions, you must offer them an opt-out consent option:

  • Australia — the Privacy Act of 1988 (The Privacy Act)
  • Hong Kong — Personal Data Privacy Ordinance (PDPO)
  • India — The IT Act and SPDI Rules (Learn more here)
  • New Zealand — Privacy Act 2020 (the 2020 Privacy Act)
  • Switzerland — Federal Act on Data Protection (FADP)
  • United States, California — amended California Consumer Privacy Act (CCPA)

How Do We Stay Up To Date With New Laws?

Our dedicated legal team stays up to date with new and changing laws by:

  • Monitoring and tracking bills, acts, and existing pieces of legislation
  • Researching upcoming laws and staying on top of privacy-related news
  • Training our entire team about privacy best practices, both internally and externally
  • Collaboratively working together — our legal team and data privacy experts work with our product engineers and help maintain all of our tools and services

For example, right now, we’re currently preparing for the:

Plus, we’re monitoring the:

  • European Union’s Artificial Intelligence Act (EU AI Act)
  • American Privacy Rights Act (APRA)
  • American Data Privacy and Protection Act (ADPPA)

How Often Do We Update Our Services?

We monitor our tools and services constantly — that’s simply part of our role as privacy compliance partners trusted by thousands of businesses — but we try to deliver updates at least quarterly.

Plus, we make changes to our tools whenever data privacy laws evolve that impact the website policies and agreements we provide.

We email our Termly customers about the changes and service updates as soon as possible. Sometimes we publish a press release-style article about it, too — like this one about our Privacy Policy Generator.

We believe everyone has a right to know how their data gets tracked and used online. Any business that wants to increase its privacy compliance should be able to do so easily and affordably.

So all our tools and resources are built, monitored, and maintained with those goals in mind.

Summary

We built our generators, templates, CMP tools, and compliance solutions to help businesses easily comply with data privacy laws from around the globe.

By working with our legal team and data privacy experts, we can offer you easily adaptable tools that meet the legal requirements outlined by regulations like the GDPR, the amended CCPA, and so much more.

We promise to keep looking forward and continuously update our tools and offerings as new laws come into force, so you can focus on what matters most — your business.

Etienne Cussol CIPP/E, CIPM
More about the author

Written by Etienne Cussol CIPP/E, CIPM

Etienne is an Information Privacy professional and compliance analyst for Termly. He has been with us since 2021, managing our own compliance with data protection laws and participating in our marketing researches. His fields of expertise - and interest - include data protection (GDPR, ePrivacy Directive, CCPA), tracking technologies (third-party cookies, fingerprinting), and new forms of privacy management (GPC and the Google Privacy Sandbox). Etienne studied International Economic Affairs at the University of Toulouse, and graduated with a Masters in 2017. More about the author

Related Articles

Explore more resources