IDC Names Securiti a Worldwide Leader in Data Privacy


Cookie Laws, Regulations & Requirements Around the World Q1, 2024

By Anas Baig | Reviewed By Maria Khan
Published January 1, 2024

Businesses must consider many legal provisions when it comes to compliance with global data privacy regimes. However, one of the critical regulations that is prevalent in almost every data privacy and protection law is cookie and consent compliance. A business cannot begin to collect users’ data unless it knows what type of consent requirements apply to it. Some regulations, such as the European Union’s General Data Protection Regulation (EU GDPR), leverage opt-in consents, while other privacy laws, like the California Privacy Rights Act (CPRA), employ an opt-out approach to data collection and processing. Notably, there are now hundreds of countries that have data protection regulations, with each having different consent requirements.

Our legal and privacy experts at Securiti have created a global consent heat map of consent and cookie requirements covering 40+ jurisdictions (including the European Union), demarcating opt-in and opt-out regimes for each. Read to identify data privacy laws specific to your jurisdiction to understand and comply with all the consent requirements that apply therein.

Important Definitions

The following definitions were drawn up based on common consent requirements of major global privacy laws and regulations. For a more accurate understanding of these terms and their corresponding legal obligations, looking into the specific law and guidance relevant to your jurisdiction is recommended.

Opt-in Consent: The data subject consents before collecting and processing personal data. Opt-in consent is also referred to as prior consent.

Opt-out Consent: The data subject’s consent is assumed when collecting and processing their personal data, and the data subject is provided the option to opt-out or object to such processing at that time. Opt-out consent is also referred to as implied consent.

Freely-given Consent: The data subject can refuse or withdraw consent and change their consent preferences at any time, without any detriment. Consent is considered to be freely given if it has been obtained justly, and there are no adverse consequences for refusing such consent on the data subject.

Specific Consent: The data subject’s consent is specific to a specific purpose or a specific data processing activity. Where a service involves multiple processing operations for more than one purpose, the data subject must be able to freely choose specific purposes rather than consenting to a bundle of processing purposes.

Informed Consent: The data subject has been adequately informed about the potential risks and consequences of granting or denying consent when collecting and processing personal data.

Unambiguous Consent: The data subject gives consent explicitly and clearly. No dark patterns have been used to design, modify, or manipulate a user interface with the purpose or substantial effect of impairing a data subject’s choice to provide consent.

Explicit Consent: The data subject provides an express statement of consent or expressly confirms consent in a written statement. In the digital or online context, a data subject can issue the required statement by filling out an electronic form, sending an email, uploading a scanned document carrying the signature of the data subject, or using an electronic signature. Explicit consent may also be obtained via oral statements, telephone conversations, or a two-stage verification process. Explicit consent is also referred to as express consent.

Written Consent: The data subject expresses consent in writing. It can be written consent on paper containing the data subject’s handwritten signature or in the form of an electronic document with an electronic signature. The law may specify further requirements of written consent. It can also be referred to as consent in writing.

Understanding Cookie Consent Requirements Around the Globe

Automate Global Consent Compliance with Securiti PrivacyOps

Managing consent is one of the most challenging tasks, especially for organizations with a high volume of user base. Notably, using manual practices for obtaining and managing consent can be costly, inefficient, and erroneous.

Capture and orchestrate universal consent across all your channels and applications with Securiti PrivacyOps, integration of the Data Command Center.

  • Customize your cookie and consent preference center according to your brand.
  • Deploy customizable consent collection endpoints integrated with regulatory intelligence.
  • Automate records of consent for compliance and auditing.
  • Manage consent via a single dashboard.

Request a demo to see PrivacyOps in action.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox


More Stories that May Interest You