Securiti Launches Industry’s First Solution To Automate Compliance


How to ensure compliance with global consent requirements?

By Anas Baig | Reviewed By Maria Khan
Published September 27, 2021 / Updated January 30, 2024

Listen to the content

Global Consent Heat Map

With data protection regulators increasingly focused on legal compliance with consent and cookies, organizations that have not recently assessed their consent practices are encouraged to do so immediately. Our experts at Securiti have published the State of Global Consent Requirements Q4 2021, a global consent heat map of consent and cookie requirements covering 47 jurisdictions (including European Union) and demarcating opt-in and opt-out regimes for each. With this Whitepaper, you can identify regulatory guidance specific to your jurisdiction and ensure compliance with all applicable legal requirements in relation to consent-based data processing.

global consent requirements

It covers:

  • Geographic map demarcating opt-in and opt-out jurisdictions
  • Total 47 Jurisdictions covered including European Union (with 41 opt-in and 6 opt-out jurisdictions)
  • Meanings of Consent and Consent as a Lawful Ground of Processing
  • Specific Cookie Consent Requirements


This Whitepaper includes the following 2021 Regulatory Updates:

  • Russian Amendments to the Federal Law on Personal Data
    The Amendments to the Federal Law on Personal Data require organizations to obtain data subject’s separate consent for publicly disseminated personal data. Consent in all cases must be freely given, specific, informed, and Conscientious.
  • Singapore’s Advisory Guidelines on the Personal Data Protection Act for Selected Topics
    In its Revised Advisory Guidelines (revised 4 October 2021), the Personal Data Protection Commission Singapore clarifies that while consent may be reflected in the way a user configures his/her browser settings, the mere failure of an individual to actively manage his/her browser settings does not imply that the individual has consented to the collection, use, and disclosure of his/her personal data by all websites for their stated purpose.
  • China’s Personal Information Protection Law
    China’s Personal Information Protection Law (comes into effect in November 2021) is based on an opt-in consent regime, requiring consent to be clear, voluntary, and informed. Specific and separate consent is required for the processing of sensitive personal data, providing personal data to a third party, or transferring personal data outside China.
  • Finland’s Guidance on the Use of Cookies
    In its updated Guidance, the Finnish Transport and Communications Agency provides examples of cookies for which consent is required and clarifies that “legitimate interests” is not an appropriate legal basis for the use of non-essential cookies.
  • German draft Federal law for Telecommunications and Telemedia
    The draft German new Federal Act regulating Data Protection and Privacy Protection in Telecommunications and Telemedia (comes into effect in December 2021) requires data controllers to obtain data subjects’ consent prior to the use of non-essential cookies and display clear and understandable information about the use of cookies on cookie consent banners.
  • Italy’s updated Guidance on the Use of Cookies
    In its updated Guidance, the Italian data protection authority emphasizes that consent should apply to all processing activities carried out for the same purpose or purposes - if the processing has multiple purposes, consent should be given for all of these.
  • French CNIL’s updated FAQs on its Guidance on Cookies
    In its updated FAQs, the CNIL emphasizes a granular approach requiring organizations to collect separate consent for separate cookie purposes.
  • Danish DPA’s Quick Guide on Cookies
    In its updated Quick Guide, the Danish DPA emphasizes the use of equal “accept” and “reject” buttons on cookie consent banners.
  • Singapore’s Personal Data Protection Act Amendments
    The amendments to Singapore’s Personal Data Protection Act introduce “deemed consent by contractual necessity” and “deemed consent by notification” to allow organizations to collect, use, and disclose personal data.

Compliance Action Items for Organizations:

  1. Identify which privacy regulations apply to your data subjects and determine whether you should implement an opt-in or opt-out cookie consent banner.
  2. Determine which data processing activities require you to obtain consent from data subjects as per your applicable privacy law.
  3. Find out how consent is defined in the applicable privacy law and whether consent should be explicit or implied.
  4. Find out exceptions to obtaining consent that apply to your specific data processing activity.
  5. Ensure compliance with specific cookie guidance relevant to your jurisdiction.

How Securiti can Help?

Securiti’s Universal Consent Management solution enables organizations to capture users’ consent and facilitate consent revocation for consent-based data processing effectively and automatically.

Securiti’s Cookie Consent Management solution enables organizations to build cookie consent banners as per applicable legal requirements with cookie auto-blocking, periodic scanning, and preference center features.

Ask for a DEMO to understand how Securiti can help you comply with GDPR and a whole host of other global privacy laws and regulations, with ease

Frequently Asked Questions (FAQs)

Global consent, in the context of data protection and privacy regulations, refers to obtaining consent from individuals that applies universally across various services, websites, or processing activities. It means that once a user provides consent, it can be applied to data processing activities across multiple platforms, as long as those activities are covered by the same consent agreement.

Under the General Data Protection Regulation (GDPR), consent must be freely given, specific, informed, and unambiguous. Individuals must have a clear choice and be able to withdraw their consent easily. Consent should be obtained through a clear affirmative action, like ticking a box. It's also important to provide information on the purposes of data processing and the right to withdraw consent.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


More Stories that May Interest You