Privacy Laws We Cover

The EU's comprehensive data protection law, effective since May 2018. Applies to all 27 EU member states plus the EEA (Norway, Iceland, Liechtenstein). Requires explicit, informed consent before any non-essential data processing.

The EU's directive specifically targeting electronic communications and cookies. Works alongside GDPR — while GDPR covers data protection broadly, ePrivacy specifically requires consent for storing cookies or accessing device information.

The UK's post-Brexit data protection framework, maintained under the Data Protection Act 2018. Mirrors the EU GDPR in substance — explicit consent is required before placing non-essential cookies.

The most well-known US state privacy law. Gives California residents the right to know what personal information is collected, the right to delete it, and the right to opt out of its sale or sharing. CPRA (effective 2023) strengthened CCPA with additional rights.

One of the first US online privacy laws (2004). Requires websites that collect personal information from California residents to conspicuously post a privacy policy. Works alongside CCPA/CPRA.

Virginia's privacy law, effective January 2023. Gives consumers the right to access, correct, delete, and port their data, and to opt out of targeted advertising, sale of personal data, and profiling.

Colorado's privacy law, effective July 2023. Similar to VCDPA with opt-out rights for targeted advertising and sale of personal data. Requires universal opt-out mechanism recognition.

Connecticut's privacy law, effective July 2023. Provides consumers with rights to access, correct, delete, and port their data, and to opt out of targeted advertising and data sales.

Texas's privacy law, effective July 2024. Applies to businesses operating in Texas that process personal data. Provides standard consumer privacy rights and opt-out mechanisms.

Florida's privacy law, effective July 2024. Applies to businesses with over $1 billion in revenue or that operate certain types of platforms. Provides consumer rights similar to other US state laws.

Utah's privacy law, effective December 2023. The most business-friendly of the US state privacy laws, with narrower consumer rights but still requiring opt-out mechanisms for data sales and targeted advertising.

Additional US state privacy laws enacted in Montana, Oregon, Tennessee, Iowa, Delaware, New Jersey, and New Hampshire. All follow the same opt-out model with consumer rights to access, delete, and opt out of data sales and targeted advertising.

Switzerland's data protection law, revised in September 2023 to align closely with the EU GDPR. Requires consent for non-essential data processing and provides individuals with rights to access, correct, and delete their data.

Canada's federal privacy law governing how private-sector organizations collect, use, and disclose personal information. Requires meaningful consent and gives individuals the right to access and challenge the accuracy of their information.

Quebec's modernized privacy law, fully effective September 2024. The strongest provincial privacy law in Canada — closely mirrors GDPR with explicit consent requirements, privacy impact assessments, and significant penalties.

South Africa's data protection law, fully enforceable since July 2021. Modeled after the EU GDPR, it requires consent for processing personal information and provides individuals with rights to access, correct, and delete their data.

Brazil's comprehensive data protection law, effective since September 2020. Closely modeled after the EU GDPR, it applies to any organization that processes personal data of individuals in Brazil, regardless of where the organization is based.