Skip to content
Global Compliance

Privacy Laws and Cookie
Consent Rules Worldwide

Over 40 jurisdictions now regulate how websites collect data and set cookies. From the EU's strict opt-in model to US state-level opt-out laws, every region handles consent differently. Kukie auto-detects visitor location and applies the right rules.

Explore Regulations ↓ Start Free →

This page is your comprehensive guide to global privacy regulations and cookie consent requirements. Browse by region to find the laws that apply to your visitors, understand the consent model each jurisdiction requires, and read our in-depth guides for every regulation.

40+

Jurisdictions covered

6

Regions worldwide

3

Consent models

Region

Europe (EU, UK & EEA)

Europe pioneered the opt-in consent model. The GDPR, ePrivacy Directive, and national implementations all require explicit prior consent before setting non-essential cookies. Enforcement is active, with significant fines issued regularly.

Opt-In Germany

DSGVO

Germany's implementation of the GDPR, enforced by 16 state-level data protection authorities plus the BfDI at federal level.

Opt-In France

CNIL Guidelines

France's data protection authority CNIL enforces strict cookie consent rules, including equal prominence for accept and reject buttons.

Opt-In Switzerland

FADP

The revised Swiss Federal Act on Data Protection, aligned closely with GDPR standards for cross-border data adequacy.

Opt-In European Union

Digital Markets Act

The DMA regulates gatekeeper platforms, impacting how Big Tech handles consent and data sharing across the digital ecosystem.

Opt-In European Union

EU Omnibus Directive

Proposed changes to GDPR enforcement, including a framework for legitimate interest in direct marketing and streamlined compliance for SMEs.

Opt-In European Union

IAB TCF v2.3

The IAB Transparency and Consent Framework - an industry standard for communicating consent signals across the ad tech supply chain.

Region

United States

The US has no federal privacy law. Instead, over 20 states have passed their own data privacy legislation, most following an opt-out model where data collection is allowed but consumers can refuse the sale or sharing of their information.

Comparison guide

US State Privacy Laws Compared

Side-by-side comparison of all state-level privacy laws - covering consent models, consumer rights, enforcement mechanisms, and effective dates.

Read the comparison →
Opt-Out Virginia, USA

VCDPA

Virginia's Consumer Data Protection Act - one of the first states to follow California with a comprehensive privacy framework.

Opt-Out Colorado, USA

CPA

Colorado's Privacy Act requires data controllers to honour universal opt-out mechanisms including Global Privacy Control.

Opt-Out Connecticut, USA

CTDPA

Connecticut's data privacy act with broad consumer rights and a requirement to process universal opt-out signals.

Opt-Out Texas, USA

TDPSA

Texas's data privacy law applies to businesses processing data of Texas residents, with a focus on data sale opt-out rights.

Opt-Out Oregon, USA

OCPA

Oregon's Consumer Privacy Act includes broad definitions of personal data and requires opt-out mechanisms for targeted advertising.

Federal & Cross-Cutting US Laws

Region

Brazil

Brazil's Lei Geral de Proteção de Dados (LGPD) is a comprehensive data protection law modelled on the GDPR. It requires explicit consent for data processing, with enforcement by the ANPD national authority.

Region

Canada

Canada's PIPEDA requires meaningful consent for the collection, use, and disclosure of personal information. Provinces can enact "substantially similar" legislation, and Bill C-27 proposes a complete overhaul via the CPPA.

Region

Asia-Pacific

Asia-Pacific is a patchwork of consent regimes. China's PIPL and South Korea's PIPA require strict opt-in consent, while India and Thailand take a lighter notice-based approach. Data localisation requirements add additional complexity.

Opt-In China

PIPL

China's comprehensive Personal Information Protection Law - requires separate consent for cross-border transfers and sensitive data processing.

Read the full guide →
Opt-In Japan

APPI

Japan's Act on Protection of Personal Information, with strict rules on personal data handling and cross-border transfers.

Read the full guide →
Opt-In Singapore

PDPA

Singapore's Personal Data Protection Act balances business needs with individual privacy through a consent-based framework.

Read the full guide →
Notice-Only Thailand

PDPA

Thailand's data protection act modelled on the GDPR, with consent requirements and breach notification obligations.

Read the full guide →
Notice-Only India

DPDPA

India's Digital Personal Data Protection Act - applies to digital personal data with a notice-and-consent framework.

Read the full guide →
Opt-In South Korea

PIPA

South Korea's Personal Information Protection Act is one of the strictest in Asia, with heavy fines and criminal penalties.

Read the full guide →
Notice-Only Australia

Privacy Act

Australia's Privacy Act governs handling of personal information by government agencies and organisations above the revenue threshold.

Read the full guide →
Notice-Only New Zealand

Privacy Act 2020

New Zealand's updated privacy framework with mandatory breach reporting and cross-border disclosure controls.

Read the full guide →
Notice-Only Philippines

Data Privacy Act

The Philippines' DPA protects individual personal information with consent requirements and a national privacy commission.

Read the full guide →
Notice-Only Vietnam

Decree 13/2023

Vietnam's data protection decree introduces consent obligations and data localisation requirements for certain categories.

Read the full guide →
Region

Middle East & Africa

Data protection regulation in the Middle East and Africa is growing rapidly. South Africa's POPIA is one of the most comprehensive, while the UAE and Saudi Arabia have introduced modern frameworks for their digital economies.

Notice-Only United Arab Emirates

UAE PDPL

The UAE's federal Personal Data Protection Law establishes data processing principles and consent requirements for the UAE's rapidly growing digital economy.

Read the full guide →
Opt-In South Africa

POPIA

South Africa's Protection of Personal Information Act is a GDPR-inspired framework requiring lawful processing, consent, and notification of data subjects.

Read the full guide →
Multi-region

Cross-Border and Technical Compliance

Some compliance topics apply across multiple jurisdictions. These guides cover consent mechanisms, industry standards, and technical requirements that span the regulatory landscape.

Cookie Categories

Understanding the different types of cookies and how to categorise them for compliance.

Read guide →

Google Consent Mode v2

How Google Consent Mode works with your cookie banner to preserve analytics and ad measurement.

Read guide →

Opt-In vs Opt-Out

The key differences between consent models and when each applies to your website.

Read guide →

Data Sovereignty

Where data can be stored and processed - cross-border transfer rules across jurisdictions.

Read guide →

Children's Privacy Worldwide

Age verification, parental consent, and child-specific protections across global regulations.

Read guide →

Dark Patterns in Cookie Banners

What counts as a deceptive design pattern and how regulators are cracking down.

Read guide →

Global Privacy Control

The browser-level universal opt-out signal and which laws require you to honour it.

Read guide →

Cookie Consent Fines

A look at enforcement actions and fines issued for cookie consent violations.

Read guide →

One Banner, Every Jurisdiction

Kukie auto-detects each visitor's location and applies the correct consent model - opt-in for the EU, opt-out for the US, notice for everywhere else. Start with a free scan to see what your site is setting.

Start Free → Free Cookie Scanner