Cookie Consent Management enables organizations to effectively capture consent before storing cookies and other similar tracking technologies such as beacons, pixels, local storage, and more on data subject’s devices.
The GDPR and e-Privacy Directive require organizations not to load any non-essential cookies on web pages unless they have a cookie consent banner on their website and data subjects have consented to the use of those cookies.
A GDPR and e-Privacy Directive compliant cookie consent banner must:
The CCPA requires organizations to not load any non-essential cookies before displaying relevant information to users about cookies.
A CCPA compliant cookie consent banner must include the following:
Besides, organizations must allow consumers to opt-out of the sale or sharing of personal information and limit the use of their sensitive personal information (under the new law, California Privacy Rights Act). Therefore, organizations must not load any non-essential cookies before notifying data subjects adequately, providing them an opt-out option, and letting them acknowledge the notification.
Moreover, the CCPA requires organizations to obtain the data subject’s consent to sell personal data belonging to minors. Where an organization has actual knowledge that the data subject is less than 16 years of age, it must rely on the explicit opt-in consent for the sale of their personal data and obtain consent from data subjects if they are at least 13 years of age and less than 16 years of age and from parents or guardians of data subjects where they are less than 13 years of age.
GDPR (opt-in consent regime) and CCPA (opt-out consent regime) are not the only examples of data protection laws that require cookie consent notices. Many countries have drafted their laws based on the framework set up by GDPR and CCPA, and therefore, cookie consent notices are required by most global privacy regulations.
A summary of cookie consent banner requirements under opt-in and opt-out consent regimes.