REGULATIONS

【Amended in 2009】 The ePrivacy Directive is commonly referred to as the “cookie law.” It is a piece of EU legislation that regulates how your website is allowed to use cookies and process personal data from visitors inside the European Union.

【May 25, 2018】 Like the cookie law, Under the General Data Protection Regulation (GDPR), a website must obtain explicit consent from users before it can store cookies on user devices. Since GDPR treats cookie identifiers as personal data, the emergence of GDPR cookie consent was inevitable.

【may be effective before 2025】 The EPD’s eventual replacement. The EPR was supposed to be passed in 2018 at the same time as the GDPR came into force. The EU obviously missed that goal, but there are drafts of the document online, and it is scheduled to be finalized sometime this year even though there is no still date for when it will be implemented. The EPR promises to address browser fingerprinting in ways that are similar to cookies, create more robust protections for metadata, and take into account new methods of communication, like WhatsApp.

【Amended on December, 2018】 The PECR covers the use of cookies and similar technologies for storing information, and accessing information stored, on a user's equipment such as a computer or mobile device.

【January 1, 2020】 The US law requires websites to follow an opt-out approach rather than opt-in for collecting personal information. That is if your business requires you to collect personal information of users (in this case California residents), you must ensure that they have a choice to opt out of it. In short, under the CCPA, a website does not require consent to use cookies.

【July 9, 2021】 The updated guidelines addressed cookie categorization, consent through scrolling, cookie walls, privacy by design and policy, and cookie banner and policy recommendations. Websites had six months to comply with the new guidelines, which took effect January 10, 2022.

【November 1, 2021】 China’s newest data protection law, the PIPL, is the latest in a procession of laws meant to protect the personal data of individuals in China.