Cookies
Learn how website cookies work, the different types of cookies, and how to manage them effectively to stay compliant with privacy regulations. Discover the difference between first-party and third-party cookies, understand session vs persistent cookies, and find out which cookies require explicit user consent under current data protection laws.
Understanding Cookie Categories: What Each Type Does and When You Need Consent
Every cookie on your website falls into one of four categories, and getting the classification right determines whether you need consent before setting it. Misclassifying a marketing cookie as strictly necessary is one of the fastest ways to attract regulatory attention - the French CNIL issued fines totalling EUR 486 million in 2025 alone, with cookie violations as a top enforcement theme.
IAB TCF v2.3: What Changed, Why It Matters, and What You Need to Do Now
IAB Europe's TCF v2.3 became mandatory on 1 March 2026, making the disclosed vendors segment a required part of every new TC string. Publishers who missed the deadline risk having Google default their ad requests to Limited Ads, directly reducing programmatic revenue. Here is what changed, why it matters, and how to fix it.
What Is DSGVO? A Complete Guide to Data Protection in Germany
DSGVO is simply the German name for the GDPR, but Germany applies it with unique national twists. This guide breaks down the BDSG, TDDDG, and how to stay compliant with German authorities.
What Is POPIA? South Africa's Data Protection Law Explained for Website Owners
POPIA (the Protection of Personal Information Act) is South Africa's comprehensive data protection law, fully enforceable since July 2021. It regulates how websites collect, store, and process personal information - including data gathered through cookies - with penalties reaching ZAR 10 million or up to ten years' imprisonment for serious violations.
What Is PIPEDA? A Plain-English Guide to Canada's Federal Privacy Law
PIPEDA governs how private-sector organisations across Canada collect, use, and disclose personal information during commercial activities. The law applies to Canadian businesses and any foreign company handling Canadian residents' data, with enforcement overseen by the Office of the Privacy Commissioner of Canada.
What Is UK GDPR? The Post-Brexit Data Protection Rules Your Website Must Follow
UK GDPR is the United Kingdom's version of the General Data Protection Regulation, retained in domestic law after Brexit. It works alongside the Data Protection Act 2018 and PECR to regulate how organisations collect, store and use personal data belonging to people in England, Scotland, Wales and Northern Ireland.
What Is the LGPD? A Practical Guide to Brazil's Data Protection Law
Brazil's LGPD (Lei Geral de Protecao de Dados) regulates how personal data is collected and processed for anyone located in Brazil. It applies regardless of where your business is based, covers cookies and online tracking, and carries fines of up to 2% of annual revenue in Brazil.
GDPR and Cookies: Special Categories of Data You Might Be Collecting Without Knowing
Article 9 of the General Data Protection Regulation (GDPR) places strict limits on collecting sensitive information like health data, political opinions, and sexual orientation. Many website owners accidentally process this special category data through standard analytics and marketing cookies.
Legitimate Interest as a Legal Basis: When Can You Skip Consent?
Legitimate interest is the most flexible of the six GDPR legal bases, but it is also the most misunderstood. This guide explains the three-part test you must pass, where legitimate interest works in practice, and why it rarely applies to cookies and tracking technologies.