Supported privacy laws
CookieHub supports a wide range of international privacy and cookie regulations through configurable consent models and framework integrations. This page lists the key laws currently supported and how CookieHub helps you comply with them, based on the expected consent approach in each jurisdiction.
CookieHub provides support for:
- Opt-in consent (explicit user consent required before tracking)
- Opt-out consent (tracking allowed until user opts out)
- Signal-based privacy controls (e.g., Global Privacy Control)
When in doubt, we recommend using explicit opt-in for the highest level of compliance.
Opt-in consent laws
These jurisdictions require websites to obtain explicit consent from users before storing or accessing non-essential cookies or personal data.
| Country Code | Name | Law or Regulation |
|---|---|---|
| AT | Austria | GDPR |
| BE | Belgium | GDPR |
| BG | Bulgaria | GDPR |
| HR | Croatia | GDPR |
| CY | Cyprus | GDPR |
| CZ | Czechia | GDPR |
| DK | Denmark | GDPR |
| EE | Estonia | GDPR |
| FI | Finland | GDPR |
| FR | France | GDPR |
| DE | Germany | GDPR |
| GR | Greece | GDPR |
| HU | Hungary | GDPR |
| IS | Iceland | GDPR |
| IE | Ireland | GDPR |
| IT | Italy | GDPR |
| LV | Latvia | GDPR |
| LI | Liechtenstein | GDPR |
| LT | Lithuania | GDPR |
| LU | Luxembourg | GDPR |
| MT | Malta | GDPR |
| NL | Netherlands | GDPR |
| NO | Norway | GDPR |
| PL | Poland | GDPR |
| PT | Portugal | GDPR |
| RO | Romania | GDPR |
| SK | Slovakia | GDPR |
| SI | Slovenia | GDPR |
| ES | Spain | GDPR |
| SE | Sweden | GDPR |
| GB | United Kingdom | UK GDPR |
| CH | Switzerland | revFADP |
| BR | Brazil | LGPD |
| JP | Japan | APPI |
| SG | Singapore | PDPA |
| IN | India | DPDP |
| TR | Turkey | KVKK (PDPL) |
| AR | Argentina | PDPA |
| MX | Mexico | LFPDPPP¹ |
¹ Mexico’s law does not explicitly regulate cookies, but opt-in behavior is recommended for alignment with international best practices.
Opt-out consent laws
These jurisdictions allow websites to set non-essential cookies by default, as long as users are clearly informed and given the ability to opt out.
| Country Code | Name | Law or Regulation |
|---|---|---|
| CA | Canada | PIPEDA |
| CN | China | PIPL |
| HK | Hong Kong | PDPO |
| NZ | New Zealand | Privacy Act 2020 |
| NG | Nigeria | NDPR |
| ZA | South Africa | POPIA |
| KR | South Korea | PIPA |
⚠ Many of these laws are broad and not cookie-specific. CookieHub recommends opt-in behavior globally when compliance requirements are unclear.
US state laws (opt-out with specific consent controls)
Several US states require businesses to provide clear notice and opt-out options for personal data use. CookieHub provides built-in support for US privacy frameworks and signaling mechanisms, such as IAB GPP.
| State Code | Name | Law or Regulation |
|---|---|---|
| CA | California | CPRA |
| CO | Colorado | CPA |
| CT | Connecticut | CTDPA |
| NV | Nevada | SB 220 |
| UT | Utah | UCPA |
| VA | Virginia | VCDPA |
| FL | Florida | FDBR |
| OR | Oregon | OCPA |
| TX | Texas | TDPSA |
| MT | Montana | MTCDPA |
CookieHub uses the IAB Global Privacy Platform (GPP) to manage US opt-out preferences and supports the “Do Not Sell or Share My Personal Information” interface element where required.
Consent framework used by CookieHub
CookieHub uses different consent frameworks depending on the legal environment:
- CookieHub Choices is the default internal framework used to manage consent across all regions that require opt-in or general cookie regulation (e.g., GDPR, LGPD, PDPA, APPI).
- In the United States, CookieHub uses the IAB Global Privacy Platform (GPP) in addition to CookieHub Choices to support state-specific laws that require opt-out controls and standardized signaling.
Unless you explicitly enable an external framework (such as IAB TCF 2.2), CookieHub Choices is used to control cookie behavior, categorize services, and block or allow scripts based on user preferences.
For more technical details, see CookieHub Choices.
Signal-based privacy support
CookieHub respects standardized user-driven privacy signals, such as:
| Signal | Description |
|---|---|
| Global Privacy Control (GPC) | If a user’s browser sends a GPC signal, CookieHub automatically opts them out of selling and sharing of personal data, in line with US privacy laws. |
Consent signaling frameworks
CookieHub integrates with several external consent frameworks and APIs to forward user preferences to external platforms and vendors:
| Integration | Description |
|---|---|
| Google Consent Mode v2 | Automatically enabled in all templates. CookieHub sets consent signals for ad_storage, analytics_storage, and other parameters based on user choices. |
| IAB GPP | Used for compliance with US state privacy laws. A structured consent string is sent to participating vendors. |
| IAB TCF 2.2 | Used in the EU/EEA when configured. CookieHub generates a TCF consent string that vendors can use to adjust behavior. |
| Google Additional Consent Mode | Enabled when using TCF to support Google’s ad tech partners. |
| Microsoft UET Consent Mode | Optional. Allows Microsoft Ads to respect the user’s consent preferences. |
CookieHub acts as a signaling platform for these frameworks and does not rely on incoming user signals (except GPC).
Recommendations
- If you operate globally, use explicit opt-in unless you are certain a more permissive model is legally acceptable in a specific region.
- CookieHub allows you to configure consent models per country or region through its geo-targeting features (see How regional framework rules work).
- For technical setup details, see Preconfigured settings and Framework references.