Comply with US state privacy laws
If your website serves users in the United States, you may be required to comply with state-level privacy laws such as the California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), and other similar regulations.
These laws generally require you to:
- Display a clear cookie notice
- Provide a “Do Not Sell or Share My Personal Information” option
- Allow users to opt out of data sales or targeted advertising
- Respect browser-based opt-out signals, such as Global Privacy Control (GPC)
Supported laws
CookieHub supports compliance with the following active US state laws:
| State | Law | Opt-out required? |
|---|---|---|
| California | CPRA | ✅ Yes |
| Colorado | CPA | ✅ Yes |
| Connecticut | CTDPA | ✅ Yes |
| Utah | UCPA | ✅ Yes |
| Virginia | VCDPA | ✅ Yes |
| Florida | FDBR | ✅ Yes (limited) |
| Oregon | OCPA | ✅ Yes |
| Texas | TDPSA | ✅ Yes |
| Montana | MTCDPA | ✅ Yes |
| Nevada | SB 220 | ✅ Yes (limited) |
Recommended configuration
New domains
- Select the Geo-targeted with CCPA/CPRA opt-out template during domain creation.
- This automatically:
- Enables IAB GPP for users in the US
- Shows the “Do Not Sell or Share My Personal Information” link
- Applies opt-in behavior in other regulated regions
- Respects Global Privacy Control (GPC) signals
- Uses a compact bottom banner layout for users in the US
- This automatically:
Existing domains
- Go to Dashboard → Domain list
- Click on the domain you want to configure
- Click Settings
- Under Regional settings, ensure:
- The United States or specific US states are listed as a region
- The framework is set to IAB GPP
- Click Customize for the region and open the Preference Center tab:
- Enable the “Show personal data tab”
- Optionally, configure CookieHub to automatically opt out specific cookie categories (e.g., Analytics, Marketing) when a user opts out of selling or sharing personal information.
This applies both when a user uses the “Do Not Sell or Share” link or when a GPC signal is received.
How CookieHub ensures compliance
CookieHub uses a combination of frameworks, interface elements, and automatic behavior to help you meet US privacy obligations.
🔹 IAB Global Privacy Platform (GPP)
- Sends the standardized GPP consent string used by many US privacy laws
- CookieHub also includes the legacy IAB US Privacy (USP) string for compatibility with vendors still relying on it
- Activated when IAB GPP is selected for a region
- Supported by platforms such as Google, Meta, and IAB-compliant vendors
Both GPP and US Privacy (USP) signals are included for maximum compatibility.
🔹 “Do Not Sell or Share” link
- Shown to users in the United States when applicable
- Allows users to opt out of the sale or sharing of personal data
- Can trigger cookie category opt-outs or vendor-specific logic
🔹 Global Privacy Control (GPC)
- Automatically detected and respected
- When a GPC signal is received, CookieHub opts the user out of selling and sharing of personal data
- Works in tandem with the IAB GPP and US Privacy strings
🔹 Cookie categories
- CookieHub Choices is used to control consent for individual services
- When configured, specific cookie categories can be disabled automatically when a user opts out via the “Do Not Sell or Share” link or GPC signal
Vendor support
Not all vendors support IAB GPP or US Privacy signals.
Commonly supported platforms include:
- Meta (partial)
- Other IAB-registered ad tech vendors
For unsupported vendors:
- CookieHub blocks scripts via cookie category assignment
- You can configure additional consent logic if needed (see additional consent)
Summary
| Feature | CookieHub support |
|---|---|
| Show “Do Not Sell or Share” link | ✅ Yes |
| Respect US opt-out laws | ✅ Yes |
| Send IAB GPP and US Privacy strings | ✅ Yes |
| Detect and act on GPC signals | ✅ Yes |
| Disable services via category opt-out | ✅ Yes |
| Support per-state customization | ✅ Yes |
Related content
Last updated on