Privacy
Stay informed about online privacy best practices, data protection strategies, and how to build trust with your website visitors. Explore topics like data minimisation, user rights management, transparent data collection practices, and the evolving landscape of digital privacy across Europe, the US, and beyond.
What Is the UAE PDPL? A Practical Guide to the Personal Data Protection Law for Website Owners
The UAE's Personal Data Protection Law (PDPL) sets out strict rules on how organisations collect, store, and process personal data of individuals in the Emirates. With fines reaching AED 5 million and executive regulations still pending, the law sits in an unusual space - already binding in principle, yet still awaiting the details that will trigger full enforcement.
Google Gemini Cookies Explained: What They Are and Why They Matter
Google Gemini relies on a stack of Google cookies for authentication, analytics, preferences, and advertising. This guide breaks down each cookie type, explains the privacy implications under GDPR and the ePrivacy Directive, and shows you how to handle Gemini-related cookies on your own website.
Claude Code Cookies Explained: What They Are and Why They Matter
Claude.ai and Claude Code set over 30 cookies across necessary, analytics, and marketing categories. This guide breaks down every cookie Anthropic places, explains why Claude Code relies on session cookies for authentication, and covers what website owners embedding Claude-related scripts need to know about consent.
ChatGPT Cookies Explained: What They Are and Why They Matter
OpenAI uses three categories of cookies on ChatGPT: necessary, analytics, and marketing. Some are required to keep you logged in, while others track ad campaign performance across platforms like Google and LinkedIn. If your business integrates ChatGPT, understanding which cookies apply - and when consent is needed - matters more than you might expect.
What Is India's Digital Personal Data Protection Act? A Website Owner's Guide to the DPDPA
India's Digital Personal Data Protection Act (DPDPA) took partial effect in November 2025 and requires opt-in consent before setting cookies that collect personal data. The law applies to any business offering goods or services to individuals in India, regardless of where the business is based.
Limiting Collection and Retention: How Long Can You Keep Personal Data Under PIPEDA?
PIPEDA Principles 4 and 5 set strict boundaries on what personal data organisations can collect and how long they can retain it. Collecting more than necessary or holding data indefinitely puts your organisation at risk of OPC enforcement action.
Preparing for Canada's Privacy Law Reform: From PIPEDA to Bill C-27 and Beyond
Canada's federal privacy law, PIPEDA, dates from 2000 and is widely seen as overdue for replacement. Bill C-27 would have introduced the Consumer Privacy Protection Act, but it died on the Order Paper in January 2025. A successor bill is expected in 2026 - here is what it proposed, why it failed, and what you should do now.
PIPEDA Enforcement: Complaints, Investigations and Court Remedies Under Canadian Privacy Law
PIPEDA enforcement follows a complaint-driven model where the Privacy Commissioner investigates alleged violations but cannot impose fines directly. Understanding how complaints move from the OPC to the Federal Court - and what penalties actually apply - is critical for any organisation handling Canadian personal data.
Provincial Privacy Laws vs PIPEDA: Understanding Substantially Similar Legislation in Canada
Three Canadian provinces have private-sector privacy laws deemed substantially similar to PIPEDA: Alberta, British Columbia, and Quebec. Which law applies depends on where your organisation operates, whether data crosses provincial borders, and whether you qualify as a federal work, undertaking, or business.