Privacy
Stay informed about online privacy best practices, data protection strategies, and how to build trust with your website visitors. Explore topics like data minimisation, user rights management, transparent data collection practices, and the evolving landscape of digital privacy across Europe, the US, and beyond.
Kentucky Consumer Data Protection Act (KCDPA): A New Privacy Law for 2026
Kentucky's Consumer Data Protection Act became enforceable on 1 January 2026, making it the sixteenth US state to adopt a comprehensive privacy law. Modelled on Virginia's VCDPA, the KCDPA follows an opt-out framework with opt-in consent required for sensitive data processing.
Indiana Consumer Data Protection Act (ICDPA): What Changed on 1 January 2026
Indiana's consumer data protection law became enforceable on 1 January 2026, granting residents opt-out rights over targeted advertising, data sales, and profiling. If your website collects personal data from Indiana residents, you need to understand the thresholds, rights, and obligations the ICDPA introduces.
How to Honour GPC Signals on Your Website: A Technical Implementation Guide
Global Privacy Control is now legally binding in California, Colorado, Connecticut, and other US states. This guide covers how to detect the Sec-GPC header server-side, read the navigator.globalPrivacyControl property client-side, and integrate GPC signal handling with your consent management platform.
Hotjar and Cookie Consent: Session Recordings, Heatmaps, and Privacy
Hotjar records visitor sessions, generates heatmaps, and sets several first-party cookies on your domain. Every one of those cookies falls outside the strictly necessary category, which means you need explicit consent before the tracking code fires. This guide covers the specific cookies Hotjar sets, the legal basis for processing, and how to load the script only after your visitors say yes.
GPC vs Cookie Banners: Do You Still Need a Consent Banner If You Support GPC?
Supporting Global Privacy Control on your website does not mean you can remove your cookie consent banner. GPC acts as an opt-out signal under US state privacy laws, but GDPR and the ePrivacy Directive still require prior opt-in consent for non-essential cookies.
First-Party vs Third-Party Cookies: The Difference That Defines Modern Tracking
First-party and third-party cookies differ in who sets them and what they can track. Browsers like Safari and Firefox already block third-party cookies by default, while Chrome keeps them alive with user controls. This distinction shapes both your tracking capabilities and your legal obligations.
The EU Omnibus Directive: How Proposed GDPR Changes Could Simplify Cookie Consent
The European Commission's Digital Omnibus package, published in November 2025, proposes folding cookie consent rules directly into the GDPR. The changes include a first-party analytics exemption, a six-month block on repeat consent prompts, and a future shift toward browser-based consent signals.
The EU ePrivacy Regulation: Where It Stands and What to Expect
After eight years of failed negotiations, the European Commission formally withdrew the ePrivacy Regulation proposal in February 2025. Cookie consent rules now remain governed by the 2002 ePrivacy Directive, while the Digital Omnibus package proposes folding cookie rules directly into the GDPR.
COPPA Explained: The US Law Protecting Children's Data Online
The Children's Online Privacy Protection Act (COPPA) sets strict rules for collecting personal information from children under 13 in the United States. If your website or app could attract young users, you need to understand how COPPA works and what the FTC expects from you.