Which Laws Does Termly Cover?

by Etienne Cussol CIPP/E, CIPM

May 23, 2023

When we call ourselves your all-in-one compliance solution, we mean it.

Our legal team and data privacy experts created our Policy Generators and Consent Management Platform to help small to medium-sized businesses around the globe comply with legislation like the:

And that’s just the tip of the iceberg.

In just a few clicks, you can configure our Consent Management Platform to follow regulations in over 80 regions.

Read on to learn about every data privacy law, regulation, and piece of legislation that Termly covers.

Table of Contents
  1. What Services Does Termly Offer?
  2. Which Laws Does Termly Cover?
  3. How Do We Stay Up To Date With New Laws?
  4. How Often Do We Update Our Services?
  5. Summary

What Services Does Termly Offer?

We provide customizable and personalized legal agreements, website policies, and other documents necessary for businesses to operate safely and legally online.

Our main expertise is in privacy compliance, but we also offer recommended documents like terms and conditions, return policies, and shipping policies to help improve your internal procedures and streamline customer services.

The table below shows a complete list of our current offerings.

| Policy Generators | Free Templates | Consent Management |
| --- | --- | --- |
| Privacy Policy Generator | Privacy Policy Template | Consent Management Platform |
| Terms and Conditions Generator | Terms and Conditions Template | Cookie Banners |
| Cookie Policy Generator | Cookie Policy Template | Cookie Scanner |
| End-user License Agreement Generator | End-user License Agreement Template | Cookie Consent Manager |
| Disclaimer Generator | Disclaimer Template | Data Subject Access Request (DSAR) Forms |
| Shipping Policy Generator | Shipping Policy Template | |
| Return Policy Generator | Return Policy Template | |
| Acceptable Use Policy Generator | Acceptable Use Policy Template | |
| Data Processing Agreement Generator* | Data Processing Agreement Template* | |

*Coming soon

Despite how common most of these documents are, they’re still challenging to make and take up a lot of precious time, resources, and energy — especially if you fall under the jurisdiction of different data privacy or consumer protection laws.

To remove those burdens from your plate, we created easy-to-use, accessible, and legally compliant tools and policy generators so you can make effective policies quickly and affordably.

Which Laws Does Termly Cover?

You can use our privacy policy generator to comply with all of the following data privacy legislation:

  • General Data Protection Regulation (GDPR)
  • UK GDPR
  • ePrivacy Directive (EU Cookie Law)
  • Amended California Consumer Privacy Act (CCPA)
  • California Online Privacy Protection Act (CalOPPA)
  • Virginia Consumer Data Protection Act (CDPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)

You can configure our consent management solution to comply with regulations in these regions:

  • United States
  • European Union
  • Argentina
  • Australia
  • Brazil
  • Canada
  • Chile
  • China
  • Colombia
  • Czech Republic
  • Hong Kong
  • India
  • Japan
  • Kazakhstan
  • Malaysia
  • Mexico
  • Morocco
  • New Zealand
  • Nigeria
  • Philippines
  • Singapore
  • South Africa
  • South Korea
  • Switzerland
  • Taiwan
  • Turkey
  • United Kingdom

Both of these lists constantly evolve because we update our compliance solutions whenever laws change or if new ones come into force — we mention a few regulations and developments we’re already preparing for later in this article.

Not Legally Required

Agreements like your terms and conditions, return policy, and shipping policy technically aren’t required by any pieces of legislation. But using them is a best practice that helps protect your company and creates a better overall user experience for your consumers.

We built our tools to help you comply with consumer protection laws enforced by groups like the:

  • Federal Trade Commission (FTC) — US
  • Competition and Markets Authority (CMA) — UK

Policy Generators

In the next sections, we briefly summarize how some of the laws mentioned above apply to our policy generators.

General Data Protection Regulation (GDPR)

Where It Applies

The GDPR originates from the European Union (EU) and protects the rights of citizens in the EU and the European Economic Area (EEA), but it has an extraterritorial scope and covers businesses outside of traditional territorial boundaries.

What It Affects

| What the GDPR Affects | Requirements | Termly’s Solutions |
| --- | --- | --- |
| Privacy Policy | You’re obligated to inform consumers about: what personal data you collect; how it’s collected; your legal basis for each category of data; how long the data is stored; who it’s shared with or sold to. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain explicit, active, and informed opt-in consent from consumers before any personal data collection begins and give them a way to opt out just as easily. | Consent Management Platform |
| Cookie Policy | Cookies and other trackers qualify as personal information under the GDPR. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, put a privacy clause in your EULA with a link to your privacy policy to adequately inform consumers about your privacy practices. | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If you rely on a third party to process data, you must create contracts following explicit legal guidelines outlined by the GDPR, which can be achieved using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to allow your data subjects to follow through on their right to request access, amend, correct, or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | You must inform consumers about your privacy practices, which should be outlined in a privacy clause in your terms, and include a live link to your privacy policy. | Terms and Conditions Generator and Terms and Conditions Template |

Who It Affects

GDPR applies to any organization that collects, processes, or stores the personal data of individuals located in the European Union (EU), Iceland, Norway, Liechtenstein, or Switzerland, regardless of where the organization is located. This includes businesses, non-profits, and government agencies, whether they are based within or outside the EU.

Additionally, data processors that handle personal data on behalf of organizations that are subject to GDPR must also comply with its regulations.

Effective Date

Approved in 2016, in force since May 25, 2018

Description 

Known as the world’s strictest data privacy regulation, the GDPR has a global impact and requires businesses that collect personal information from EU and EEA users to:

  • Establish a lawful basis for data processing before any data collection begins
  • Give users a way to opt out of consent at any time
  • Provide a means for users to follow through on their rights to amend, correct, access, or delete their personal information
  • Inform consumers about data collection practices using a GDPR-compliant privacy policy
  • Create contracts or DPAs with any third-party entities that have access to user data

ePrivacy Directive (EU Cookie Law)

Where It Applies

The EU Cookie Law originates from the EU and protects the rights of EU citizens. Because this is a directive, it requires Member States to achieve specific results without explicitly saying how, allowing each location to attain the goals in unique ways.

| What the ePrivacy Directive Affects | Requirements | Termly’s Solutions |
| --- | --- | --- |
| Privacy Policy | You must include details about your use of cookies or other trackers in your privacy policy because they qualify as personal information. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | Businesses under this directive must obtain consent from consumers before placing cookies or other trackers on their browsers. | Consent Management Platform |
| Cookie Policy | Consumers have the right to be informed, so you must provide an accurate cookie policy. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, include a cookie clause in your EULA with a live link to your cookie policy to avoid fines for noncompliance. | EULA Generator and EULA Template |
| Terms and Conditions Agreement | It’s a best practice to add a cookie clause to your terms with a live link to your cookie policy to avoid noncompliance under this regulation. | Terms and Conditions Generator and Terms and Conditions Template |

Who It Affects

Any website with visitors from the EU that uses cookies or other tracking technology falls under the EU Cookie Law.

Effective Date

May 2011

Description

The ePrivacy Directive provides provisions on how entities can process personal data and requires businesses to protect the information.

Additionally, the directive outlines guidance on:

  • Network and service security
  • Keeping communications confidential
  • Access to personal data
  • Processing traffic and location data
  • Spam or unsolicited communications
  • Caller identification
  • Public directories
  • Notification of data breaches
  • Electronic tags and trackers, like cookies or other technology

Data Protection Act of 2018 (UK GDPR)

Where It Applies

The UK GDPR originates in the United Kingdom and protects the rights of UK citizens, but it has an extraterritorial scope and covers entities beyond traditional territorial boundaries.

| What the UK GDPR Affects | Requirements | Termly’s Solutions |
| --- | --- | --- |
| Privacy Policy | You must inform users about: what personal data you collect; how it’s collected; the legal basis for each category of data; how long you store the data for; who it’s shared with or sold to. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain explicit, active, and informed opt-in consent from consumers before any personal data collection begins and give them a way to opt out just as easily. | Consent Management Platform |
| Cookie Policy | Cookies and other trackers qualify as personal information under the UK GDPR. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, put a privacy clause in your EULA with a link to your privacy policy to inform consumers about your privacy practices. | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If you rely on a third party to process data, you must create contracts following explicit legal guidelines outlined by the UK GDPR, which can be achieved using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to allow your data subjects to follow through on their right to request access, amend, correct, or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | To keep users informed about your privacy practices, put a privacy clause in your terms and include a live link to your privacy policy. | Terms and Conditions Generator and Terms and Conditions Template |

Who It Affects

Any organization offering goods or services to UK citizens that processes their personal data falls under the jurisdiction of the UK GDPR.

Effective Date

January 1, 2021

Description

The UK GDPR essentially mirrors the EU GDPR, but it accounts for domestic areas of UK law.

According to the Information Commissioner’s Office (ICO), the UK version of the regulation incorporated all provisions of the EU GDPR, so the data privacy requirements are the same.

Amended California Consumer Privacy Act (CCPA)

Where It Applies

The CCPA protects the rights of Californian citizens in the United States but has an extraterritorial scope.

In January 2023, the California Privacy Rights Act (CPRA) officially amended portions of the CCPA. All changes are currently in force.

What It Affects

| What the amended CCPA Affects | Requirements | Termly’s Solutions |
| --- | --- | --- |
| Privacy Policy | You’re obligated to inform consumers: that you collect personal information; what personal information you collect; who it’s shared with or sold to; why you collect the information. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must provide consumers with a way to opt out of data collection using visible privacy settings. | Consent Management Platform |
| Cookie Policy | Cookies qualify as personal information, and consumers have the right to know which ones your site uses. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, it’s a best practice to include a California-specific privacy clause in your EULA and link to your privacy policy. | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If any third-party entities process your consumers’ data, you must create specific contracts or DPAs with them that follow the guidelines outlined by this law. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to give your users a way to act on their privacy rights, like requesting to access or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | It’s a best practice to add a California-specific privacy clause in your terms and include a live link to your privacy policy. | Terms and Conditions Generator and Terms and Conditions Template |

Who It Affects

The CCPA as amended applies to any for-profit entity doing business in California that meets any one of the following thresholds:

  • Earned $25 million in gross annual revenue as of January 1 from the previous calendar year
  • Annually buys, sells, or shares the personal information of 100,000 or more California consumers or households
  • Derived 50% or more of your gross annual revenue from the selling or sharing of personal information

Effective Date

Originally enacted on January 1, 2020; the CPRA amendments went into force on January 1, 2023.

Description

The amended CCPA obligates businesses to inform consumers that personal data is collected and provide a way for them to opt out of the collection using visible privacy settings.

You must also implement the following links on your website or app, which are available through our consent management tools:

California Online Privacy Protection Act (CalOPPA)

Where It Applies

CalOPPA protects the rights of California citizens in the US but has an extraterritorial scope.

What It Affects

| What CalOPPA Affects | Requirements | Termly’s Solutions |
| --- | --- | --- |
| Privacy Policy | You must inform users about: the effective date of the policy; the types of personal information you collect; how you’ll share updates to the policy; how they can request to review or delete their information; if you share the data with third parties; if ‘Do-Not-Track’ requests are honored or not. | Privacy Policy Generator and Privacy Policy Template |

Who It Affects

This law applies to any website with visitors from California.

Effective Date

July 1, 2004

Description

CalOPPA requires websites to post compliant privacy policies and impacts how they’re presented, phrased, and implemented. They must be easy to find, navigate through, and read.

The Virginia Consumer Data Protection Act (CDPA)

Where It Applies

The Virginia CDPA protects the rights of Virginia consumers in the US but has an extraterritorial scope.

What It Affects

| What the Virginia CDPA Affects | Requirements | Termly’s Solutions |
| --- | --- | --- |
| Privacy Policy | You must provide consumers with a clear, reasonably accessible, and meaningful privacy policy and present and explain all consumer rights in a straightforward manner. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You’re obligated to provide a manner in which consumers can opt out of the selling of their data to third parties or the processing of personal data for targeted advertising. | Consent Management Platform |
| Cookie Policy | Because cookies qualify as personal information under this law, you must provide users with an accurate policy outlining all cookies and trackers your site uses. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, you should include a privacy clause in your EULA and put a live link to your privacy policy so users can access the agreement. | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If any third-party entities process your users’ data, you must create contracts following guidelines outlined by the CDPA, which is achievable using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR or SAR) form | You must provide users with a clear means for following through on their rights to request to access, correct, or delete their data, which is attainable with DSAR forms. | Free DSAR form for all Termly users |

Who It Affects

Persons or entities doing business in Virginia or producing products and services targeted to Virginia residents who meet one of the following thresholds fall under this law:

  • Controls or processes the personal data of at least 100,000 consumers
  • Derives 50% of gross revenue from the sale of personal data and controls or processes the personal data of at least 25,000 consumers

Effective Date

January 1, 2023

Description

This Virginia state law is similar to the CCPA and outlines consumer privacy rights and describes business obligations regarding data collection, processing, use, and storage.

Entities under the CDPA must also comply with requirements of proportionality and necessity and establish security safeguards to protect personal information.

Personal Information Protection and Electronic Documents Act (PIPEDA)

Where It Applies

PIPEDA protects the rights of Canadian citizens except for those in:

  • Alberta
  • Columbia
  • Quebec

But it does apply if the organization collecting the data performs federal work or the personal information crosses provincial borders for commercial activity.

It also does not cover citizens from:

  • New Brunswick
  • Newfoundland
  • Labrador
  • Nova Scotia
  • Ontario

This is primarily regarding health data, which is protected by specific provincial health laws in those regions.

The law is ambiguous about its extraterritorial scope. Still, the Federal Court of Canada found it may apply to businesses if there’s a substantial connection between the other party and Canada.

What It Affects

| What PIPEDA Affects | Requirements | Termly’s Solutions |
| --- | --- | --- |
| Privacy Policy | Using a privacy policy allows you to state the purpose for data collection, which is one of the fair information principles of PIPEDA. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain consent from users before any data collection, use, or disclosure of the information occurs. | Consent Management Platform |
| Cookie Policy | Cookies qualify as personal information under this law, so you must present users with a clear description of all cookies or trackers your site uses. | Cookie Policy Generator and Cookie Policy Template |

Who It Affects

Any organization that collects and uses personal information in connection with commercial activities, including selling or sharing donors, membership, or fundraising lists, falls under PIPEDA.

Effective Date

January 1, 2001

Description

While PIPEDA has a more limited scope than other data privacy legislation, businesses under this law must follow the 10 fair information principles:

  1. Accountability: Your business is responsible for the personal information it stores and must appoint someone to ensure your organization’s compliance.
  2. Identifying Purposes: You must state the purposes for data collection before or at the time of data collection.
  3. Consent: You must obtain implicit or explicit consent to collect, use, and share personal information, either opt-in or opt-out depending on the sensitivity of the data collected.
  4. Limiting Collection: You must only collect the necessary amount of information for processing purposes.
  5. Limiting Use, Disclosure, and Retention: You must use personal information only for stated purposes unless you get consent from users for the new purpose.
  6. Accuracy: Your organization must keep personal information accurate, complete, and up-to-date.
  7. Safeguards: You must implement security measures to protect personal data.
  8. Openness: Your business must be transparent about its data handling practices to the public.
  9. Individual Access: You must honor users’ rights in accessing, reviewing, and correcting personal information.
  10. Challenging Compliance: Individuals have the right to challenge an organization’s compliance with the principles and should address inquiries to the person responsible for the organization’s compliance, typically the chief privacy officer.

FTC’s Guidelines for Ecommerce Businesses

Where It Applies

The FTC is an independent entity that enforces consumer protection and antitrust laws in the United States.

In terms of consumer privacy, the FTC’s scope includes regulating and enforcing compliance with privacy laws and guidelines, investigating and prosecuting companies that engage in unfair or deceptive practices related to data collection, use, and sharing, and providing guidance and education to consumers and businesses about privacy best practices.

What It Affects

| What the FTC Affects | Requirements | Termly’s Solutions |
| --- | --- | --- |
| Privacy Policy | The FTC recommends that ecommerce businesses use privacy policies. If your business targets children, you must use one under COPPA, an FTC-enforced law. | Privacy Policy Generator and Privacy Policy Template |
| End-user License Agreements (EULA) | If you sell software, you may need to include certain disclaimers and clauses due to applicable laws you fall under that the FTC enforces. | EULA Generator and EULA Template |
| Terms and Conditions Agreement | You may need to include certain disclaimers and clauses in your terms due to applicable laws you fall under that may be enforced by the FTC. | Terms and Conditions Generator and Terms and Conditions Template |
| Disclaimers | Depending on applicable laws, the FTC may require ecommerce businesses to use DMCA, copyright, fair use, warranty, or affiliate disclaimers, which often go in your terms and conditions. | Disclaimer Generator and Disclaimer Template |

Who It Affects

The laws the FTC enforces typically impact businesses from around the globe that target US consumers.

Effective Date

The FTC was formed in 1916

Description

The FTC publishes guidelines for businesses in the US to maintain and enforce fair competition and practices, some of which impact your website policies.

For example, the following laws impact clauses, disclosures, or disclaimers that typically belong in a terms and conditions agreement or EULA:

Consent Management

Some laws and regulations impact consent management on your site or app and may require you to provide the following options for your consumers, depending on their rights:

  • Opt-in consent for certain types of personal data collection, processing, and uses
  • Opt-out consent for certain types of personal data collection, processing, and uses

Our Consent Management Platform is configurable to comply with the opt-in and opt-out consent requirements in nearly 80 different regions. Let’s discuss how in the next sections.

How To Configure Our CMP for Opt-In Consent Requirements

Opt-in consent is when a user actively and knowingly agrees to have their data collected or used in specific ways before it happens.

To configure our CMP tools for regions that require opt-in consent for data collection, ensure you do all of the following steps:

  1. Have the consent banner enabled
  2. Turn the ‘Decline’ button on
  3. Turn the ‘Preference’ button on
  4. Select ‘Opt-in’
  5. Turn off the ‘Implied Consent’ option

See a screenshot of these settings below.

[Screenshot: Termly Consent Management Platform opt-in settings]

You must offer an opt-in consent option if your users come from any of the following regions:

  • United States, Virginia — Consumer Data Protection Act (CDPA)
  • European Union (EU) — General Data Protection Regulation (GDPR)
  • Argentina — Personal Data Protection Act (PDPA)
  • Brazil — General Data Protection Law (LGPD)
  • Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Chile — the Protection of Private Life (as amended)
  • China — Personal Information Protection Law (PIPL)
  • Colombia — the Data Protection Law (Law 1581)
  • Czech Republic — Amending Certain Acts in Connection with the Adoption of the Act on the Processing of Personal Data (the Amending Act)
  • Japan — Act on the Protection of Personal Information (APPI)
  • Kazakhstan — Law of the Republic of Kazakhstan on Personal Data and Its Protection (the Personal Data Law)
  • Malaysia — Personal Data Protection Act 2010 (PDPA)
  • Mexico — the General Law on Protection of Personal Data Held by Mandated Parties (the Public Sector Law)
  • Morocco — the Protection of Individuals with Regard to the Processing of Personal Data (the Law)
  • Nigeria — Nigerian Data Protection Regulation (NDPR)
  • Philippines — Data Privacy Act of 2012 (DPA)
  • Singapore — Personal Data Protection Act (PDPA)
  • South Africa — Protection of Personal Information Act (POPIA)
  • South Korea — Personal Information Protection Act (PIPA)
  • Taiwan — Personal Data Protection Act (PDPA)
  • Turkey — Law on Protection of Personal Data No. 6698 (the Data Protection Law)
  • United Kingdom (UK) — the Data Protection Act (UK GDPR)

How to Configure Our CMP for Opt-Out Consent Requirements

Legally, when opt-out consent is required, you can set cookies and collect personal information but must provide your users with an easy and obvious way to opt out.

To configure our CMP tools for opt-out consent requirements, follow these steps:

  1. Decide if you want to enable the consent banner or not
  2. If you choose to enable the consent banner, turn the ‘Decline’ button on
  3. Select ‘Opt-out’
  4. Determine if you want to turn on ‘scroll to consent’ or not
  5. Ensure the consent preference center is easy to find on your website so that users can act on their rights

Below, see a screenshot of these opt-out settings.

[Screenshot: Termly Consent Management Platform opt-out settings]

If your users live in any of the following regions, you must offer them an opt-out consent option:

  • Australia — the Privacy Act of 1988 (The Privacy Act)
  • Hong Kong — Personal Data Privacy Ordinance (PDPO)
  • India — The IT Act and SPDI Rules
  • New Zealand — Privacy Act 2020 (the 2020 Privacy Act)
  • Switzerland — Federal Act on Data Protection (FADP)
  • United States, California — amended California Consumer Privacy Act (CCPA)

How Do We Stay Up To Date With New Laws?

Our dedicated legal team stays up to date with new and changing laws by:

  • Monitoring and tracking bills, acts, and existing pieces of legislation
  • Researching upcoming laws and staying on top of privacy-related news
  • Training our entire team about privacy best practices, both internally and externally
  • Collaboratively working together — our legal team and data privacy experts work with our product engineers and help maintain all of our tools and services

For example, we’re currently preparing for the:

  • Impending 2024 cookiepocalypse
  • Connecticut Personal Data Privacy and Online Monitoring Act (CTPDA) — in force July 1, 2023
  • Colorado Privacy Act (CPA) — in force July 1, 2023
  • Utah’s Consumer Privacy Act (UCPA) — in force December 31, 2023

Plus, we’re monitoring the:

  • Michigan Personal Data Privacy Act (PDPA)
  • European Union’s Artificial Intelligence Act (EU AI Act)
  • American Data Privacy and Protection Act (ADPPA)

How Often Do We Update Our Services?

We monitor our tools and services constantly — that’s simply part of our role as privacy compliance partners trusted by thousands of businesses — but we try to deliver updates at least quarterly.

Plus, we make changes to our tools whenever data privacy laws evolve that impact the website policies and agreements we provide.

We email our Termly customers about the changes and service updates as soon as possible. Sometimes we publish a press release-style article about it, too — like this one about our Privacy Policy Generator.

We believe everyone has a right to know how their data gets tracked and used online. Any business that wants to increase its privacy compliance should be able to do so easily and affordably.

So all our tools and resources are built, monitored, and maintained with those goals in mind.

Summary

We built our generators, templates, CMP tools, and compliance solutions to help businesses easily comply with data privacy laws from around the globe.

By working with our legal team and data privacy experts, we can offer you easily adaptable tools that meet the legal requirements outlined by regulations like the GDPR, the amended CCPA, and so much more.

We promise to keep looking forward and continuously update our tools and offerings as new laws come into force, so you can focus on what matters most — your business.


Etienne is an Information Privacy professional and compliance analyst for Termly. He has been with us since 2021, managing our own compliance with data protection laws and participating in our marketing research. His fields of expertise - and interest - include data protection (GDPR, ePrivacy Directive, CCPA), tracking technologies (third-party...
