When we call ourselves your all-in-one compliance solution, we mean it.
Our legal team and data privacy experts created our Policy Generators and Consent Management Platform to help small to medium-sized businesses around the globe comply with legislation like the:
And that’s just the tip of the iceberg.
In just a few clicks, you can configure our Consent Management Platform to follow regulations in over 80 regions.
Read on to learn about every data privacy law, regulation, and piece of legislation that Termly covers.
What Services Does Termly Offer?
We provide customizable and personalized legal agreements, website policies, and other documents necessary for businesses to operate safely and legally online.
Our main expertise is in privacy compliance, but we also offer recommended documents like terms and conditions, return policies, and shipping policies to help improve your internal procedures and streamline customer services.
The table below shows a complete list of our current offerings.
| Policy Generators | Free Templates | Consent Management |
| Privacy Policy Generator | Privacy Policy Template | Consent Management Platform |
| Terms and Conditions Generator | Terms and Conditions Template | Cookie Banners |
| Cookie Policy Generator | Cookie Policy Template | Cookie Scanner |
| End-user License Agreement Generator | End-use License Agreement Template | Cookie Consent Manager |
| Disclaimer Generator | Disclaimer Template | Data Subject Access Request (DSAR) Forms |
| Shipping Policy Generator | Shipping Policy Template | |
| Return Policy Generator | Return Policy Template | |
| Acceptable Use Policy Generator | Acceptable Use Policy Template | |
| Data Processing Agreement Generator* | Data Processing Agreement Template* |
*Coming soon
Despite how common most of these documents are, they’re still challenging to make and take up a lot of precious time, resources, and energy — especially if you fall under the jurisdiction of different data privacy or consumer protection laws.
To remove those burdens from your plate, we created easy-to-use, accessible, and legally compliant tools and policy generators so you can make effective policies quickly and affordably.
Which Laws Does Termly Cover?
Our privacy policy generator covers the following 26 data privacy laws and regulations:
- General Data Protection Regulation (GDPR)
- UK GDPR
- ePrivacy Directive (EU Cookie Law)
- Amended California Consumer Privacy Act (CCPA)
- California Online Privacy Protection Act (CalOPPA)
- Colorado Privacy Act (CPA)
- Connecticut Personal Data Privacy and Online Monitoring Act (CTDPA)
- Delaware Personal Data Privacy Act (DPDPA)
- Florida Digital Bill of Rights (FDBR)
- Indiana Consumer Data Protection Act (Indiana CDPA)
- Iowa Consumer Data Protection Act (Iowa CDPA)
- Kentucky Consumer Data Protection Act (KCDPA)
- Montana Consumer Data Privacy Act (MCDPA)
- New Hampshire Data Privacy Law (NHDPL)
- New Jersey Data Privacy Act (NJDPA)
- Oregon Consumer Privacy Act (OCPA)
- Tennessee Information Protection Act (TIPA)
- Texas Data Privacy and Security Act (TDPSA)
- Virginia Consumer Data Protection Act (CDPA)
- Utah Consumer Privacy Act (UCPA)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Quebec’s Law 25
- Revised Switzerland Federal Act on Data Protection (FADP)
- Australia Privacy Act 1988
- New Zealand Privacy Act 2020
- South Africa’s Protection of Personal Information Act (POPIA)
You can configure our consent management solution to comply with regulations in these regions:
- United States
- European Union
- Argentina
- Australia
- Brazil
- Canada
- Chile
- China
- Colombia
- Czech Republic
- Hong Kong
- India
- Japan
- Kazakhstan
- Malaysia
- Mexico
- Morocco
- New Zealand
- Nigeria
- Philippines
- Singapore
- South Africa
- South Korea
- Switzerland
- Taiwan
- Turkey
- United Kingdom
Both of these lists constantly evolve because we update our compliance solutions whenever laws change or if new ones come into force — we mention a few regulations and developments we’re already preparing for later in this article.
Not Legally Required
Agreements like your terms and conditions, return policy, and shipping policy technically aren’t required by any pieces of legislation. But using them is a best practice that helps protect your company and creates a better overall user experience for your consumers.
We built our tools to help you comply with consumer protection laws enforced by groups like the:
Policy Generators
In the next sections, we briefly summarize how some of the laws mentioned above apply to our policy generators.
General Data Protection Regulation (GDPR)
Where It Applies
The GDPR originates from the European Union (EU) and protects the rights of citizens in the EU and the European Economic Area (EEA), but it has an extraterritorial scope and covers businesses outside of traditional territorial boundaries.
What It Effects
| What the GDPR Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You’re obligated to inform consumers about:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain explicit, active, and informed opt-in consent from consumers before any personal data collection begins and give them a way to opt out just as easily. | Consent Management Platform |
| Cookie Policy | Cookies and other trackers qualify as personal information under the GDPR. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, put a privacy clause in your EULA with a link to your privacy policy to adequately inform consumers about your privacy practices | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If you rely on a third party to process data, you must create contracts following explicit legal guidelines outlined by the GDPR, which can be achieved using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to allow your data subjects to follow through on their right to request access, amend, correct, or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | You must inform consumers about your privacy practices, which should be outlined in a privacy clause in your terms, and include a live link to your privacy policy. | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
GDPR applies to any organization that collects, processes, or stores the personal data of individuals located in the European Union, Island, Norway, Lichtenstein or Switzerland(EU), regardless of where the organization is located. This includes businesses, non-profits, and government agencies, whether they are based within or outside the EU.
Additionally, data processors that handle personal data on behalf of organizations that are subject to GDPR must also comply with its regulations
Effective Date
Approved in 2016, in force since May 25, 2018
Description
Known as the world’s strictest data privacy regulation, the GDPR has a global impact and requires businesses that collect personal information from EU and EEA users to:
- Establish lawfull basis for data processing before any data collection beings
- Give users a way to opt-out of consent at any time
- Provide a means for users to follow through on their rights to amend, correct, access, or delete their personal information
- Inform consumers about data collection practices using a GDPR-compliant privacy policy
- Create contacts or DPAs with any third party entities that have access to user data
ePrivacy Directive (EU Cookie Law)
Where It Applies
The EU Cookie Law Originates from the EU and protects the rights of EU citizens. Because this is a directive, it requires Member States to achieve specific results without explicitly saying how, allowing each location to attain the goals in unique ways.
What It Effects
| What the ePrivacy Directive Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must include details about your use of cookies or other trackers in your privacy policy because they qualify as personal information. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | Businesses under this directive must obtain consent from consumers before placing cookies or other trackers on their browsers. | Consent Management Platform |
| Cookie Policy | Consumers have the right to be informed, so you must provide an accurate cookie policy. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, include a cookie clause in your EULA with a live link to your cookie policy to avoid fines for noncompliance. | EULA Generator and EULA Template |
| Terms and Conditions Agreement | It’s a best practice to add a cookie clause to your terms with a live link to your cookie policy to avoid noncompliance under this regulation. | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
Any website with visitors from the EU that uses cookies or other tracking technology falls under the EU Cookie Law.
Effective Date
May 2011
Description
The ePrivacy Directive provides provisions on how entities can process personal data and requires businesses to protect the information.
Additionally, the directive outlines guidance on:
- Network and service security
- Keeping communications confidential
- Access to personal data
- Processing traffic and location data
- Spam or unsolicited communications
- Caller identification
- Public directories
- Notification of data breaches
- Electronic tags and trackers, like cookies or other technology
Data Protection Act of 2018 (UK GDPR)
Where It Applies
The UK GDPR originates in the United Kingdom and protects the rights of UK citizens, but it has an extraterritorial scope and covers entities beyond traditional territorial boundaries.
What It Effects
| What the UK GDPR Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must inform users about:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain explicit, active, and informed opt-in consent from consumers before any personal data collection begins and give them a way to opt out just as easily. | Consent Management Platform |
| Cookie Policy | Cookies and other trackers qualify as personal information under the UK GDPR. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, put a privacy clause in your EULA with a link to your privacy policy to inform consumers about your privacy practices. | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If you rely on a third party to process data, you must create contracts following explicit legal guidelines outlined by the UK GDPR, which can be achieved using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to allow your data subjects to follow through on their right to request access, amend, correct, or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | To keep users informed about your privacy practices, put a privacy clause in your terms and include a live link to your privacy policy. | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
Any organization offering goods or services to UK citizens who process their personal data falls under the jurisdiction of the UK GDPR.
Effective Date
January 1, 2021
Description
The UK GDPR essentially mirrors the EU GDPR, but it accounts for domestic areas of UK law.
According to the Information Commissioner’s Office (ICO), the UK version of the regulation incorporated all provisions of the EU GDPR, so the data privacy requirements are the same.
Amended California Consumer Privacy Act (CCPA)
Where It Applies:
The CCPA protects the rights of Californian citizens in the United States but has an extraterritorial scope.
In January 2023, the California Privacy Rights Act (CPRA) officially amended portions of the CCPA. All changes are currently in force.
What It Effects:
| What the amended CCPA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You’re obligated to inform consumers:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must provide consumers with a way to opt out of data collection using visible privacy settings. | Consent Management Platform |
| Cookie Policy | Cookies qualify as personal information, and consumers have the right to know which ones your site uses. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, it’s a best practice to include a California-specific privacy clause in your EULA and link to your privacy policy. | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If any third-party entities process your consumers’ data, you must create specific contacts or DPAs with them that follow the guidelines outlined by this law. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | Use a DSAR form to give your users a way to act on their privacy rights, like requesting to access or delete their personal information. | Free DSAR form for all Termly users |
| Terms and Conditions Agreement | It’s a best practice to add a California-specific privacy clause in your terms and include a live link to your privacy policy. | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
The CCPA as amended applies to any for-profit entity doing business in California that meets any one of the following thresholds:
- Earned $25 million in gross annual revenue as of January 1 from the previous calendar year
- Annually buys, sells, or shares the personal information of 100,000 or more California consumers or households
- Derived 50% or more of your gross annual revenue from the selling or sharing of personal information
Effective Date
Originally enacted on January 1, 2020, the CPRA amendments went into force on January 1, 2023
Description
The amended CCPA obligates businesses to inform consumers that personal data is collected and provide a way for them to opt out of the collection using visible privacy settings.
You must also implement the following links on your website or app, which are available through our consent management tools:
- Publish a “Do Not Sell or Share My Personal Information” link
- Publish a “Limit the Use of My Sensitive Information” link
- Or honor users’ consent preference settings on their browsers
California Online Privacy Protection Act (CalOPPA)
Where It Applies
CalOPPA protects the rights of California citizens in the US but has an extraterritorial scope.
What It Effects
| What CalOPPA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must inform users about:
|
Privacy Policy Generator and Privacy Policy Template |
Who It Effects
This law applies to any website with visitors from California.
Effective Date
July 1, 2004
Description
CalOPPA requires websites to post compliant privacy policies and impacts how they’re presented, phrased, and implemented. They must be easy to find, navigate through, and read.
The Colorado Privacy Act (CPA)
Where It Applies
The CPA applies to residents of the state of Colorado acting in an individual or household context.
It excludes anyone in the state for business or work, including job candidates and beneficiaries of someone acting in a commercial or employment context.
What It Effects
| What CPA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You’re obligated to disclose to consumers:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must provide users with a way to opt out of the sale of their personal information and targeted advertising. | Consent Management Platform |
| Cookie Policy | If you use cookies for targeted advertising or the sale of personal data, you must disclose this in your cookie policy and describe how consumers can follow through on their opt out rights. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreement (EULA) | If you sell software, it’s a best practice under the CPA to create a EULA and link it to your privacy policy. | EULA Generator and EULA Template |
| Data Processing Agreement (DPA) | Data controllers and processors must both sign a contract or DPA that meets specific guidelines outlined by the law. | Termly Solutions Coming Soon! |
| Data Subject Access Request Form (DSAR) | Consumers have the right to request to access, delete, or correct the data you collect on them, and providing a DSAR form is one way to meet these legal obligations. | Free DSAR form for all Termly users |
| Terms and Conditions | It’s a best practice to include a link to your privacy policy in your Terms and Conditions agreement. | Terms and Conditions Generator and Terms and Conditions Template |
Who It Effects
Businesses must comply with the CPA if they conduct business in the state or sell products or services to Colorado residents and meet one or more of the following:
- Processes or controls the personal data of more than 100,000 consumers in a year
- Derives revenue or receives discounts from the sale of personal data and controls or processes the data of at least 25,000 consumers
Effective Date
July 1, 2023
Description
The CPA acts as Colorado’s comprehensive consumer data privacy law. It protects the personal data of Colorado residents and grants them rights regarding how that data gets collected, processed, and used.
For example, Colorado consumers can opt out of the sale of their data, targeted advertising, and profiling in the furtherance of decisions that produce legal or similarly significant effects.
The Connecticut Personal Data Privacy and Online Monitoring Act (CTDPA)
Where It Applies
The CTDPA originates in the U.S. state of Connecticut and protects the privacy rights of consumers who are residents of the state.
It excludes anyone living in Connecticut in an employment or commercial context.
Who It Effects
Entities that conduct business in Connecticut or who target services or products to residents of the state and who meet either of the following provisions must follow the CTDPA:
- Processes or controls the personal data of 100,000 or more consumers
- Processes or controls the personal data of 25,000 or more consumers and earns more than 25% total revenue through the sale of data
However, data processed solely for the purpose of completing a payment transaction is exempt.
What It Effects
| What CTDPA Effect | Requirements | Termly’s Solutions |
| Privacy Policy | Businesses must inform consumers about:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | The Connecticut law gives consumers opt-out rights regarding targeted advertising and the sale of their data, and you must provide an easy way for them to do so. | Consent Management Platform |
| Cookie Policy | If you sell data collected through cookies or use them for targeted advertising, you must explain this in your cookie policy and provide a way for consumers to opt out. | Cookie Policy Generator and Cookie Policy Template |
| End-use License Agreement (EULA) | Those selling software to Connecticut residents should create a EULA and include a live link to their privacy policy within it. | EULA Generator and EULA Template |
| Data Processing Agreement (DPA) | Controllers and processors must sign contracts or DPAs that meet specific guidelines described by the law. | Termly Solutions Coming Soon! |
| Data Subject Access Request Form (DSAR) | Using a DSAR form allows your consumers to easily follow through on their privacy rights to access, correct, or delete their personal data. | Free DSAR form for all Termly users |
| Terms and Conditions | To protect your business, it’s a best practice to link your privacy policy within a terms and conditions agreement. | Terms and Conditions Generator and Terms and Conditions Template |
Effective Date
July 1, 2023
Description
The CTDPA protects the personal data of Connecticut residents and gives them rights over how their personal information gets collected, processed, and used by covered entities.
Consumers can request information about if their data is being processed and can opt out of specific processing activities, like targeted advertising.
It also requires online entities to honor universal opt out preference signals set on consumer browsers by January 1, 2025.
The Virginia Consumer Data Protection Act (CDPA)
Where It Applies
The Virginia CDPA protects the rights of Virginia consumers in the US but has an extraterritorial scope.
What It Effects
| What the Virginia CDPA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must provide consumers with a clear, reasonably accessible, and meaningful privacy policy and present and explain all consumer rights in a straightforward manner. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You’re obligated to provide a manner in which consumers can opt out of the selling of their data to third parties or the processing of personal data for targeted advertising. | Consent Management Platform |
| Cookie Policy | Because cookies qualify as personal information under this law, you must provide users with an accurate policy outlining all cookies and trackers your site uses. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreements (EULA) | If you sell software, you should include a privacy clause in your EULA and put a live link to your privacy policy so users can access the agreement | EULA Generator and EULA Template |
| Data Processing Agreements (DPA) | If any third party entities process your users’ data, you must create contacts following guidelines outlined by the CDPA, which is achievable using a DPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) form | You must provide users with a clear means for following through on their rights to request to access, correct, or delete their data, which is attainable with DSAR forms. | Free DSAR form for all Termly users |
Who It Effects
Persons or entities doing business in Virginia or producing products and services targeted to Virginia residents who meet one of the following thresholds fall under this law:
- Controls or processes the personal data of at least 100,000 consumers
- Derives 50% of gross revenue from the sale of personal data and controls or processes the personal data of at least 25,000 consumers
Effective Date
January 1, 2023
Description
This Virginia state law is similar to the CCPA and outlines consumer privacy rights and describes business obligations regarding data collection, processing, use, and storage.
Entities under the CDPA must also comply with requirements of proportionality and necessity and establish security safeguards to protect personal information.
Utah Consumer Privacy Act (UCPA)
Where It Applies
Utah’s comprehensive consumer data privacy law protects the personal data of residents of the U.S. state of Utah.
What It Effects
| What The UCPA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | You must inform consumers about:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | Under the UCPA, consumers have the right to opt out of certain types of data processing, including the sale of their data and targeted advertising. | Consent Management Platform |
| Cookie Policy | If you use cookies to sell personal data or for targeted advertising, you must inform your users protected by the UCPA and provide them with a way to opt out. | Cookie Policy Generator and Cookie Policy Template |
| End-user License Agreement (EULA) | If you sell software, it’s a best practice to include a live link to your privacy policy within your EULA. | EULA Generator and EULA Template |
| Data Processing Agreement (DPA) | Data processors and controllers must use contracts, or DPAs, that meet the requirements outlined in the UCPA. | Termly solutions coming soon! |
| Data Subject Access Request (DSAR) Form | You must provide your users with a way to follow through on their rights under the UCPA, including the right to request to access or delete their data, and posting a DSAR form can help you meet this legal requirement. | Free DSAR form for all Termly users |
Who It Affects
Businesses must comply with the UCPA if they conduct business in the state or target services to Utah residents and meet all of the following thresholds:
- Has a gross annual revenue of at least $25 million
- Controls or processes the personal data of at least 100,000 consumers or earns 50% or more revenue from the sale of personal data and controls or processes information from at least 25,000 consumers
Effective Date
December 31, 2023
Description:
Under the UCPA, businesses must provide consumers with a comprehensive privacy policy and describe how they can opt out of certain types of data processing.
Additionally, data controllers and processors must use specific contracts meeting obligations outlined by Utah’s new law. Both entities must also implement proper security measures to protect consumer data.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Where It Applies
PIPEDA protects the rights of Canadian citizens except for those in:
- Alberta
- Columbia
- Quebec
But it does apply if the organization collecting the data performs federal work or the personal information crosses provincial borders for commercial activity.
It also does not cover citizens from:
- New Brunswick
- Newfoundland
- Labrador
- Nova Scotia
- Ontario
This is primarily regarding health data, which is protected by specific provincial health laws in those regions.
The law is ambiguous about its extraterritorial scope. Still, the Federal Court of Canada found it may apply to businesses if there’s a substantial connection between the other party and Canada.
What It Effects
| What PIPEDA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | Using a privacy policy allows you to state the purpose for data collection, which is one of the fair information principles of PIPEDA. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain consent from users before any data collection, use, or disclosure of the information occurs. | Consent Management Platform |
| Cookie Policy | Cookies qualify as personal information under this law, so you must present users with a clear description of all cookies or trackers your site uses. | Cookie Policy Generator and Cookie Policy Template |
Who It Effects
Any organization that collects and uses personal information in connection with commercial activities, including selling or sharing donors, membership, or fundraising lists, falls under PIPEDA.
Effective Date
January 1, 2001
Description
While PIPEDA has a more limited scope than other data privacy legislation, businesses under this law must follow the 10 fair information principles:
- Accountability: Your business is responsible for the personal information it stores and must appoint someone to ensure your organization’s compliance.
- Identifying Purposes: You must state the purposes for data collection before or at the time of data collection.
- Consent: You must obtain implicit or explicit consent to collect, use, and share personal information, either opt-in or opt-out depending on the sensitivity of the data collected.
- Limiting Collection: You must only collect the necessary amount of information for processing purposes.
- Limiting Use, Disclosure, and Retention: You must use personal information only for stated purposes unless you get consent from users for the new purpose.
- Accuracy: Your organization must keep personal information accurate, complete, and up-to-date.
- Safeguards: You must implement security measures to protect personal data.
- Openness: Your business must be transparent about its data handling practices to the public.
- Individual Access: You must honor users’ rights in accessing, reviewing, and correcting personal information.
- Challenging Compliance: Individuals have the right to challenge an organization’s compliance with the principles and should address inquiries to the person responsible for the organization’s compliance, typically the chief privacy officer.
Quebec’s Law 25
Where It Applies
Quebec’s Law 25 protects the personal information of Quebec residents.
What It Effects
| What Quebec’s Law 25 Effects | Requirements | Termly’s Solutions |
| Privacy Policy | Businesses must publish a confidentiality policy (aka, privacy policy) that is written in clear, straightforward language on their website or app. | Privacy Policy Generator and Privacy Policy Template |
| Consent Management | Quebec consumers have opt-in and opt-out rights under this law regarding specific types of data processing that may allow the person to be identified, located, or profiled. | Consent Management Platform |
| Cookie Policy | If you use cookies in a way that can track, locate, or identify a resident of Quebec, you must disclose this information in your cookie policy and explain how consumers can control those cookies. | Cookie Policy Generator and Cookie Policy Template |
Who It Effects
Small to medium-sized businesses that sell goods or offer services in Quebec must follow this law.
Additionally, entities targeting Quebec residents located outside of the province and personal information held by a professional order as defined by the Professional Code (chapter C-26) fall under the legal threshold.
Effective Date
The initial provisions entered into action in September 2022, but several additional provisions became effective as of September 2023.
All final provisions enter into effect September 2024.
Description
Quebec’s Law 25 modernizes the privacy protections in Canada with respect to personal information.
It describes new requirements for businesses, like security considerations to protect personal data, appointing a data protection officer, and performing privacy impact assessments.
Revised Switzerland Federal Act on Data Protection (FADP)
Where It Applies
The FADP protects the personal data of natural persons in Switzerland, regardless of their citizenship status.
What It Effects
| What FADP Effects | Requirements | Termly’s Solutions |
| Privacy Policy | Businesses must state:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | Consumers have the right to opt out of certain types of data processing, and businesses must obtain opt-in consent to collect and share sensitive personal data with any third parties. | Consent Management Platform |
Who It Effects
Entities that process the personal data of individuals within the territorial boundaries of Switzerland must follow the FADP.
Effective Date
September 1, 2023
Description
Recently revised to better align with the GDPR, the FADP is Switzerland’s leading data privacy and protection regulation.
It provides broad data privacy rights for people within the country and outlines obligations for businesses who want to collect and process their data.
Australia’s Data Privacy Act 1988
Where It Applies
The Data Privacy Act of 1988 protects the personal data of people living in the country of Australia.
What It Effects
| What The Australia Privacy Act 1988 Effects | Requirements | Termly’s Solutions |
| Privacy Policy | Covered entities must provide the following information to consumers:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | You must obtain opt-in consent from protected individuals to use their data for direct marketing purposes. Additionally, a clear opt-out option must be made available to them. | Consent Management Platform |
Who It Effects
Your business must follow the Data Privacy Act of 1988 if you’re an Australian government entity or your annual turnover is over $3 million (USD 2 million).
Effective Date
1989
Description
The Australian Privacy Act 1988 is the primary data privacy and protection law in Australia.
Revised in 2014 and 2017, this law outlines 13 privacy principles covered entities must follow and describes rights and controls consumers have over their personal data.
New Zealand’s Data Privacy Act 2020
Where It Applies
The Privacy Act of 2020 protects the personal information of people living in New Zealand.
What It Effects
| What The New Zealand Privacy Act 2020 Effects | Requirements | Termly’s Solutions |
| Privacy Policy | Covered entities must take reasonable steps to ensure individuals know:
|
Privacy Policy Generator and Privacy Policy Template |
Who It Effects
Businesses must comply with New Zealand’s Privacy Act 2020 if they collect or store personal data about New Zealand consumers.
Effective Date
December 1, 2020
Description
New Zealand’s Privacy Act 2020 is the leading consumer data protection law in the country.
Similar to Australia’s Privacy Act 1988, it describes 13 core principles entities in the privacy and public sectors must follow in order to legally collect and process personal data.
It also describes the rights and controls New Zealand residents have over their information.
South Africa’s Protection of Personal Information Act (POPIA)
Where It Applies
The Protection of Personal Information Act protects the personal data of people in South Africa.
What It Effects
| What POPIA Effects | Requirements | Termly’s Solutions |
| Privacy Policy | Entities must provide the following details to consumers:
|
Privacy Policy Generator and Privacy Policy Template |
| Consent Management | Under POPIA, individuals have the right to opt into and out of certain data processing activities, and they must be able to easily change their minds at any time. | Consent Management Platform |
Who It Effects
Businesses are subject to following POPIA if they’re located in South Africa or if they’re located elsewhere and make use of automated or non-automated processing within the country.
Effective Date
July 2020
Description
POPIA is the primary consumer data protection law in South Africa and is heavily based on the GDPR.
Overall, the law describes nine rights for South African citizens, including the right to access, delete, or correct their information.
Businesses must prove one of eight conditions for lawful processing under POPIA.
FTC’s Guidelines for Ecommerce Businesses
Where It Applies
The FTC is an independent entity that enforces consumer protection and antitrust laws in the United States.
In terms of consumer privacy, the FTC’s scope includes regulating and enforcing compliance with privacy laws and guidelines, investigating and prosecuting companies that engage in unfair or deceptive practices related to data collection, use, and sharing, and providing guidance and education to consumers and businesses about privacy best practices.
What It Effects
| What the FTC Effects | Requirements | Termly’s Solutions |
| Privacy Policy | The FTC recommends that ecommerce businesses use privacy policies. If your business targets children, you must use one under COPPA, an FTC-enforced law. | Privacy Policy Generator and Privacy Policy Template |
| End-user License Agreements (EULA) | If you sell software, you may need to include certain disclaimers and clauses due to applicable laws you fall under that the FTC enforces. | EULA Generatorand EULA Template |
| Terms and Conditions Agreement | You may need to include certain disclaimers and clauses in your terms due to applicable laws you fall under that may be enforced by the FTC. | Terms and Conditions Generator and Terms and Conditions Template |
| Disclaimers | Depending on applicable laws, the FTC may require ecommerce businesses to use DMCA, copyright, fair use, warranty, or affiliate disclaimers, which often go in your terms and conditions. | Disclaimer Generator and Disclaimers Template |
Who It Effects
The laws the FTC enforces typically impact businesses from around the globe that target US consumers.
Effective Date
The FTC was formed in 1916
Description
The FTC publishes guidelines for businesses in the US to maintain and enforce fair competition and practices, some of which impact your website policies.
For example, the following laws impact clauses, disclosures, or disclaimers that typically belong in a terms and conditions agreement or EULA:
- The Federal Trade Commission Act
- The Copyright Act of 1976 (Title 17)
- Children’s Online Privacy Protection Act (COPPA)
- Digital Millennium Copyright Act (DMCA)
Consent Management
Some laws and regulations impact consent management on your site or app and may require you to provide the following options for your consumers, depending on their rights:
- Opt-in consent for certain types of personal data collection, processing, and uses
- Opt-out consent for certain types of personal data collection, processing, and uses
Our Consent Management Platform is configurable to comply with the opt-in and opt-out consent requirements in nearly 80 different regions. Let’s discuss how in the next sections.
How To Configure Our CMP for Opt-In Consent Requirements
Opt-in consent is when a user actively and knowingly agrees to have their data collected or used in specific ways before it happens.
To configure our CMP tools for regions that require opt-in consent for data collection, ensure you do all of the following steps:
- Have the consent banner enabled
- Turn the Decline button on
- Turn the ‘Preference’ button on
- Select ‘Opt-in’
- Turn off the ‘Implied Consent’ option
See a screenshot of these settings below.
You must offer an opt-in consent option if your users come from any of the following regions:
- United States, Virginia — Consumer Data Protection Act (CDPA)
- European Union (EU) — General Data Protection Regulation (GDPR)
- Argentina — Personal Data Protection Act (PDPA)
- Brazil — General Data Protection Law (LGPD)
- Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)
- Chile — the Protection of Private Life (as amended)
- China — Personal Information Protection Law (PIPL)
- Colombia — the Data Protection Law (Law 1581)
- Czech Republic — Amending Certain Acts in Connection with the Adoption of the Act on the Processing of Personal Data (the Amending Act)
- Japan — Act on the Protection of Personal Information (APPI)
- Kazakhstan — Law of the Republic of Kazakhstan on Personal Data and Its Protection (the Personal Data Law)
- Malaysia — Personal Data Protection Act 2010 (PDPA)
- Mexico — the General Law on Protection of Personal Data Held by Mandated Parties (the Public Sector Law)
- Morocco — the Protection of Individuals with Regard to the Processing of Personal Data (the Law)
- Nigeria — Nigerian Data Protection Regulation (NDPR)
- Philippines — Data Privacy Act of 2012 (DPA)
- Singapore — Personal Data Protection Act (PDPA)
- South Africa — Protection of Personal Information Act (POPIA)
- South Korea — Personal Information Protection Act (PIPA)
- Taiwan — Personal Data Protection Act (PDPA)
- Turkey — Law on Protection of Personal Data No. 6698 (the Data Protection Law)
- United Kingdom (UK) — the Data Protection Act (UK GDPR)
How to Configure Our CMP for Opt-Out Consent Requirements
Legally, when opt-out consent is required, you can set cookies and collect personal information but must provide your users with an easy and obvious way to opt-out.
To configure our CMP tools for opt-out consent requirements, follow these steps:
- Decide if you want to enable the consent banner or not
- If you choose to enable the consent banner, turn the ‘Decline’ button on
- Select ‘opt out’
- Determine if you want to turn on ‘scroll to consent’ or not
- Ensure the consent preference center is easy to find on your website so that users can act on their rights
Below, see a screenshot of these opt-out settings.
If your users live in any of the following regions, you must offer them an opt-out consent option:
- Australia — the Privacy Act of 1988 (The Privacy Act)
- Hong Kong — Personal Data Privacy Ordinance (PDPO)
- India — The IT Act and SPDI Rules (Learn more here)
- New Zealand — Privacy Act 2020 (the 2020 Privacy Act)
- Switzerland — Federal Act on Data Protection (FADP)
- United States, California — amended California Consumer Privacy Act (CCPA)
How Do We Stay Up To Date With New Laws?
Our dedicated legal team stays up to date with new and changing laws by:
- Monitoring and tracking bills, acts, and existing pieces of legislation
- Researching upcoming laws and staying on top of privacy-related news
- Training our entire team about privacy best practices, both internally and externally
- Collaboratively working together — our legal team and data privacy experts work with our product engineers and help maintain all of our tools and services
For example, right now, we’re currently preparing for the:
- Impending cookiepocalypse
- Maryland Online Data Protection Act (MODPA)
- New and upcoming U.S. state-level comprehensive privacy bills
Plus, we’re monitoring the:
- European Union’s Artificial Intelligence Act (EU AI Act)
- American Privacy Rights Act (APRA)
- American Data Privacy and Protection Act (ADPPA)
How Often Do We Update Our Services?
We monitor our tools and services constantly — that’s simply part of our role as privacy compliance partners trusted by thousands of businesses — but we try to deliver updates at least quarterly.
Plus, we make changes to our tools whenever data privacy laws evolve that impact the website policies and agreements we provide.
We email our Termly customers about the changes and service updates as soon as possible. Sometimes we publish a press release-style article about it, too — like this one about our Privacy Policy Generator.
We believe everyone has a right to know how their data gets tracked and used online. Any business that wants to increase its privacy compliance should be able to do so easily and affordably.
So all our tools and resources are built, monitored, and maintained with those goals in mind.
Summary
We built our generators, templates, CMP tools, and compliance solutions to help businesses easily comply with data privacy laws from around the globe.
By working with our legal team and data privacy experts, we can offer you easily adaptable tools that meet the legal requirements outlined by regulations like the GDPR, the amended CCPA, and so much more.
We promise to keep looking forward and continuously update our tools and offerings as new laws come into force, so you can focus on what matters most — your business.
More about the author
Written by Etienne Cussol CIPP/E, CIPM
Etienne is an Information Privacy professional and compliance analyst for Termly. He has been with us since 2021, managing our own compliance with data protection laws and participating in our marketing researches. His fields of expertise - and interest - include data protection (GDPR, ePrivacy Directive, CCPA), tracking technologies (third-party cookies, fingerprinting), and new forms of privacy management (GPC and the Google Privacy Sandbox). Etienne studied International Economic Affairs at the University of Toulouse, and graduated with a Masters in 2017. More about the author
