Compliance
Practical guidance on meeting data protection requirements across jurisdictions, from implementation steps to ongoing compliance management. Learn how to audit your website for compliance gaps, set up proper consent mechanisms, maintain documentation, and prepare for regulatory inspections and enforcement actions.
How Payment Gateways Use Cookies: What Stripe, PayPal, and Klarna Set on Your Site
Payment gateways set cookies on your website for fraud detection, session management, and analytics. Understanding which of those cookies qualify as strictly necessary under Article 5(3) of the ePrivacy Directive determines whether you need visitor consent before they fire.
Oregon Consumer Privacy Act: Opt-Out Signals and Sensitive Data Rules
Oregon's Consumer Privacy Act (OCPA) stands out among US state privacy laws for its unusually broad definition of sensitive data and its requirement to honour universal opt-out signals from January 2026. Website owners processing Oregon residents' data need to understand these obligations now.
One-Click Reject: The EU's Push for Simpler Cookie Refusal and What It Means for You
EU regulators and the European Commission are pushing for one-click cookie rejection, requiring refuse and accept buttons to sit side by side on the first layer of every banner. This article breaks down the current enforcement landscape, the Digital Omnibus proposal, and the practical steps your website needs to take right now.
New Zealand's Privacy Act 2020: What It Means for Cookies and Tracking
New Zealand does not have a standalone cookie law like the EU's ePrivacy Directive. The Privacy Act 2020 and its 13 Information Privacy Principles still apply to cookies and tracking technologies whenever they process personal information. A 2025 amendment introducing IPP 3A adds new transparency duties from May 2026.
Montana Consumer Data Privacy Act: Compliance Requirements for Online Businesses
The Montana Consumer Data Privacy Act (MCDPA) has been in force since October 2024 and already received significant amendments through SB 297. This guide covers applicability thresholds, consumer opt-out rights, universal opt-out signal requirements, and the practical steps your website needs to take.
Meta Pixel and Cookie Consent: How to Fire the Pixel Only After Consent
Meta Pixel drops tracking cookies the moment it loads, making it a marketing cookie that requires consent under GDPR and the ePrivacy Directive. This guide covers three practical approaches to firing the Pixel only after a visitor grants permission: the fbq consent API, Google Tag Manager triggers, and server-side Conversions API.
Managing Cookie Consent Across Multiple Websites: A Strategy for Agencies
Agencies managing ten, fifty, or a hundred client websites face a unique cookie compliance challenge: every site needs its own consent configuration, yet the underlying regulatory requirements must be applied consistently. This guide covers the workflows, pitfalls, and technical approaches that make multi-site consent management scalable.
Magento Cookie Consent: How to Handle Third-Party Extensions and Tracking
Magento and Adobe Commerce stores rely heavily on third-party extensions for payments, analytics, and marketing. Each extension can introduce cookies that require consent under GDPR and the ePrivacy Directive. This guide covers how to identify, categorise, and control those cookies properly.
Local Storage, Session Storage, and IndexedDB: Are They Cookies Under the Law?
The ePrivacy Directive's consent requirement applies to all information stored on a user's device, not just HTTP cookies. Local storage, session storage, and IndexedDB all fall within scope. Understanding how regulators treat these technologies helps you avoid compliance gaps that a cookie-only audit would miss.