Compliance
Practical guidance on meeting data protection requirements across jurisdictions, from implementation steps to ongoing compliance management. Learn how to audit your website for compliance gaps, set up proper consent mechanisms, maintain documentation, and prepare for regulatory inspections and enforcement actions.
Google Gemini Cookies Explained: What They Are and Why They Matter
Google Gemini relies on a stack of Google cookies for authentication, analytics, preferences, and advertising. This guide breaks down each cookie type, explains the privacy implications under GDPR and the ePrivacy Directive, and shows you how to handle Gemini-related cookies on your own website.
Claude Code Cookies Explained: What They Are and Why They Matter
Claude.ai and Claude Code set over 30 cookies across necessary, analytics, and marketing categories. This guide breaks down every cookie Anthropic places, explains why Claude Code relies on session cookies for authentication, and covers what website owners embedding Claude-related scripts need to know about consent.
ChatGPT Cookies Explained: What They Are and Why They Matter
OpenAI uses three categories of cookies on ChatGPT: necessary, analytics, and marketing. Some are required to keep you logged in, while others track ad campaign performance across platforms like Google and LinkedIn. If your business integrates ChatGPT, understanding which cookies apply - and when consent is needed - matters more than you might expect.
Why Auto-Translated Cookie Banners Improve UX (and Help You Stay Compliant)
A cookie banner your visitors cannot read is a cookie banner that fails. Auto-translated banners detect browser language and display consent notices in the visitor's own language, improving both the user experience and the legal validity of the consent collected.
What Is India's Digital Personal Data Protection Act? A Website Owner's Guide to the DPDPA
India's Digital Personal Data Protection Act (DPDPA) took partial effect in November 2025 and requires opt-in consent before setting cookies that collect personal data. The law applies to any business offering goods or services to individuals in India, regardless of where the business is based.
Non-Essential Cookies: What They Are, Why They Need Consent, and How to Handle Them
Non-essential cookies cover everything from analytics trackers like Google Analytics to advertising pixels from Meta and Google Ads. Under EU law, none of these may be placed on a visitor's device until they give explicit, informed consent. This guide breaks down the categories, the legal rules, and the practical steps for handling them correctly.
Limiting Collection and Retention: How Long Can You Keep Personal Data Under PIPEDA?
PIPEDA Principles 4 and 5 set strict boundaries on what personal data organisations can collect and how long they can retain it. Collecting more than necessary or holding data indefinitely puts your organisation at risk of OPC enforcement action.
Preparing for Canada's Privacy Law Reform: From PIPEDA to Bill C-27 and Beyond
Canada's federal privacy law, PIPEDA, dates from 2000 and is widely seen as overdue for replacement. Bill C-27 would have introduced the Consumer Privacy Protection Act, but it died on the Order Paper in January 2025. A successor bill is expected in 2026 - here is what it proposed, why it failed, and what you should do now.
PIPEDA Enforcement: Complaints, Investigations and Court Remedies Under Canadian Privacy Law
PIPEDA enforcement follows a complaint-driven model where the Privacy Commissioner investigates alleged violations but cannot impose fines directly. Understanding how complaints move from the OPC to the Federal Court - and what penalties actually apply - is critical for any organisation handling Canadian personal data.