skip to main content

Privacy Laws & Frameworks

CookiePro helps companies comply with the following privacy regulations & frameworks


California Consumer Privacy Act

What is the CCPA?

The California Consumer Privacy Act (CCPA) introduces new data privacy rights for California residents – forcing companies that conduct business in the state of California to implement structural changes to their privacy programs.

How do I achieve compliance?

  • Enable an opt-out for only those specific cookies through a CookiePro-created cookie banner.
  • Provide a “Do Not Sell My Personal Information” link for users to opt out of sale of personal information.
  • Track do not sell requests by many unique identifiers, such as account number or device ID, and respond within 45 days.

When will the CCPA go into effect?

The CCPA will go into effect on January 1, 2020.

What happens if I don't comply with the CCPA?

Failure to comply with the CCPA can result in penalties up to $7,500 USD for each violation.


General Data Protection Regulation

What is the GDPR?

The big name in privacy, the GDPR sets the most strict and far-reaching standards for the handling of user data. It is based on principles of consent, transparency, protection, and user control.

How do I achieve compliance?

  • Provide users with specific and accurate information on all cookies and other tracking technologies.
  • Enable a user to show their consent with a clear, affirmative action.
  • Give users the possibility to opt in and opt out of the various types of cookies, and to have access to their settings and make subsequent changes to them if they change their mind.

When will the GDPR go into effect?

The GDPR went into effect on May 25, 2018.

What happens if I don't comply with the GDPR?

Failure to comply with the GDPR can result in fines as high as 4% of a company’s annual revenue.


The Regulation on Privacy and Electronic Communications

What is ePrivacy?

The e-Privacy regulation is a law currently being constructed by the EU Commission. The ePrivacy Regulation complements the GDPR with a heavier focus on personal privacy, personal data, and confidentiality, specifically in electronic communication.

How do I achieve compliance?

  • Inform users about your data collection activities before storing cookies on a user’s device and/or tracking them and give them the option to choose whether it’s allowed or not.
  • Link a cookie policy or make available details of cookie purpose, usage, and related third-party activities.
  • Clearly state the third-party cookie categories and purpose for tracking.

When will the ePrivacy regulation go into effect?

The European Parliament set out its position on the Regulation in October 2017. However, the Council of the EU, which is made up of ministers of the Member States, has not yet come to a position on the legislation.

What happens if I don't comply with ePrivacy?

Penalties range from up to €10,000,000 or 2% of worldwide annual turnover for some minor incidents and up to €20,000,000, or 4% of worldwide annual turnover, for more serious breaches – whichever is the higher in each case.


Brazilian General Data Protection Law

What is the LGPD?

LGPD was unanimously approved on July 10, 2018 and will become law in 2020. The LGPD carries many similarities with the EU’s General Data Protection Regulation (GDPR), however, it is leaner in comparison.

How do I achieve compliance?

  • Obtain and track consent, as well as allow data holders the right to opt out.
  • Provide clear and accurate information about how the data is being processed.
  • Enable data holders to request that their personal data be deleted after they withdraw consent.

When will the LGPD go into effect?

The LGPD will go into effect in February 2020.

What happens if I don't comply with the LGPD?

Non-compliance with the requirements of the LGPD could result in fines amounting to 2% of gross sales (of the company or a group of companies) or a maximum sum of R $ 50,000,000.00 (fifty million reais) per infringement, approximately USD 12.9 million.