Skip to Content
FeaturesRegions / Geo-targeting

Regions / Geo-targeting

One of the powerful features of CookieHub is the ability to adapt consent behavior based on the user’s geographic location.

Using Regions, you can define how consent is collected, which dialog is shown, and which privacy framework applies for users in specific countries or states.

Regions can represent a single country, a U.S. state, or a predefined group of countries with similar privacy requirements. Each region can be configured independently in the CookieHub dashboard.

Note on Regulatory Updates: Privacy regulations are constantly evolving. The region groups listed below reflect the regulatory landscape as of January 2026.

CookieHub actively monitors global privacy laws (such as new U.S. state regulations or updates to international data protection acts) and updates these pre-defined definitions as new laws come into effect. When a new law becomes enforceable, CookieHub automatically updates the relevant region group logic to ensure continued compliance without requiring manual reconfiguration on your part.

Pre-defined regions

GDPR & GDPR-equivalent regions (EU, EEA, UK & similar)

This region includes countries and territories where strict, GDPR-style consent requirements apply.

Users located in these jurisdictions must provide explicit consent (opt-in) before non-essential cookies or similar technologies are used.

The group covers the European Union (EU), European Economic Area (EEA), the United Kingdom, and other jurisdictions with GDPR-equivalent consent expectations, such as Switzerland and certain European overseas territories.

This region is typically used when full compliance with GDPR, ePrivacy-style rules, and equivalent national laws is required.

Country codeNameLaws or regulations
AXÅland IslandsGDPR
ATAustriaGDPR
BEBelgiumGDPR
BGBulgariaGDPR
HRCroatiaGDPR
CYCyprusGDPR
CZCzechiaGDPR
DKDenmarkGDPR
EEEstoniaGDPR
FOFaroe IslandsAct on Processing of Personal Data (2020)
FIFinlandGDPR
FRFranceGDPR
GFFrench GuianaGDPR
PFFrench PolynesiaCNIL
DEGermanyGDPR
GIGibraltarGibraltar GDPR
GRGreeceGDPR
GPGuadeloupeGDPR
HUHungaryGDPR
ISIcelandGDPR
IEIrelandGDPR
ITItalyGDPR
LVLatviaGDPR
LILiechtensteinGDPR
LTLithuaniaGDPR
LULuxembourgGDPR
MTMaltaGDPR
MQMartiniqueGDPR
YTMayotteGDPR
MCMonacoLaw No. 1.565 of 3 Dec 2024
NLNetherlandsGDPR
NCNew CaledoniaCNIL
NONorwayGDPR
PNPitcairnUK GDPR
PLPolandGDPR
PTPortugalGDPR
RERéunionGDPR
RORomaniaGDPR
BLSaint BarthélemyGDPR
MFSaint Martin (French part)GDPR
PMSaint Pierre and MiquelonGDPR
SMSan MarinoLaw No. 171/2018
SKSlovakiaGDPR
SISloveniaGDPR
ESSpainGDPR
SJSvalbard and Jan MayenGDPR
SESwedenGDPR
CHSwitzerlandrevFADP
GBUnited KingdomUK GDPR
WFWallis and FutunaCNIL

US (“Do not sell or share” states)

This region includes U.S. states with comprehensive privacy laws that grant users the right to opt out of the sale or sharing of personal data, including data used for targeted advertising.

In these states, CookieHub typically presents a “Do not sell or share my personal data” option and honors applicable opt-out signals in accordance with state law.

This region is intended for compliance with laws such as the California Consumer Privacy Act (CCPA/CPRA) and other state-level privacy frameworks with similar requirements.

StateNameLaws or regulations
US-CACaliforniaCPRA
US-COColoradoCPA
US-CTConnecticutCTDPA
US-DEDelawareDPDPA
US-INIndianaICDPA
US-IAIowaICDPA
US-KYKentuckyKCDPA
US-MDMarylandMODPA
US-MNMinnesotaMCDPA
US-MTMontanaMTCDPA
US-NENebraskaNDPA
US-NVNevadaSB 220
US-NHNew HampshireNHPA
US-NJNew JerseyNJDPA
US-OROregonOCPA
US-RIRhode IslandRIDTPPA
US-TNTennesseeTIPA
US-TXTexasTDPSA
US-UTUtahUCPA
US-VAVirginiaVCDPA

This region includes U.S. states that do not currently have comprehensive privacy laws equivalent to CCPA/CPRA, but where opt-out consent and transparency are recommended based on consumer protection laws, regulatory guidance, or enforcement trends.

While explicit opt-in consent is generally not required in these states, providing clear notice and opt-out mechanisms is considered best practice and may reduce legal and reputational risk.

StateNameLaws or regulations
ASAmerican SamoaFTC Jurisdiction
US-DCDistrict of ColumbiaDCDPA
US-FLFloridaFDBR
GUGuamFTC Jurisdiction
US-ILIllinoisBroad privacy + consent expectations (outside BIPA)
US-MAMassachusettsConsumer protection / privacy expectations
US-NYNew YorkConsumer protection / privacy expectations
MPNorthern Mariana IslandsFTC Jurisdiction
US-PAPennsylvaniaConsumer protection / privacy expectations
PRPuerto RicoFTC Jurisdiction
VIVirgin Islands (U.S.)FTC Jurisdiction
US-WAWashingtonConsent-heavy laws (data-type specific, no sale/share)

This region includes countries outside the EU, EEA, UK, and United States where privacy laws or regulatory guidance generally require explicit consent (opt-in) for the use of cookies or similar tracking technologies.

These jurisdictions often have comprehensive data protection laws inspired by or aligned with GDPR principles, even if they are not part of the European regulatory framework.

CookieHub recommends using opt-in consent in these countries to ensure compliance with local privacy expectations and enforcement practices.

Country codeNameLaws or regulations
ALAlbaniaLaw No. 9887/2008
DZAlgeriaLaw 18-07
ADAndorraLQPD
ARArgentinaLaw 25,326
BYBelarusPersonal Data Protection, 2021
BABosnia and HerzegovinaLaw on Protection of Personal Data
BRBrazilLGPD
IOBritish Indian Ocean TerritoryGDPR-inspired local framework
CACanadaPIPEDA
CLChileLaw 19.628
CNChinaPIPL
COColombiaLaw 1581
CRCosta RicaLaw 8968
CICôte d’IvoireLaw No. 2013-450
ECEcuadorOrganic Law on Personal Data Protection
EGEgyptPersonal Data Protection Law No. 151/2020
GHGhanaData Protection Act 2012
GGGuernseyData Protection (Bailiwick of Guernsey)
VAHoly SeeGeneral Regulation on Personal Data Protection
INIndiaDPDP
IDIndonesiaPDP Law 2022
IMIsle of ManData Protection Act 2018
ILIsraelProtection of Privacy Law
JPJapanAPPI
JEJerseyData Protection (Jersey) Law 2018
KEKenyaData Protection Act 2019
MYMalaysiaPDPA
MUMauritiusData Protection Act 2017
MXMexicoLFPDPPP
MDMoldova, Republic ofLaw No. 133/2011 (Personal Data Protection)
MEMontenegroPersonal Data Protection Law (2018; GDPR-alignment track)
MAMoroccoLaw 09-08
MZMozambiqueLaw No. 22/2014 (Personal Data Protection)
MKNorth MacedoniaLaw on Personal Data Protection (effective 2020)
PAPanamaLaw 81
PYParaguayLaw 6534
PEPeruLaw 29733
PHPhilippinesData Privacy Act
QAQatarPDP Law
RURussian FederationFederal Law 152-FZ
RWRwandaLaw No. 058/2021
SASaudi ArabiaPDPL
SNSenegalLaw No. 2008-12
RSSerbiaLaw on Personal Data Protection (87/2018)
KRSouth KoreaPIPA
LKSri LankaPersonal Data Protection Act
TZTanzaniaPersonal Data Protection Act 2022
THThailandPDPA
TNTunisiaOrganic Law No. 2004-63
TRTurkeyPDPL/KVKK
UGUgandaData Protection and Privacy Act 2019
UAUkraineLaw No. 2297-VI
AEUnited Arab EmiratesUAE Federal PDPL
UYUruguayLaw 18.331
VNVietnamPDP Decree
ZMZambiaData Protection Act 2021
ZWZimbabweData Protection Act 2021

This region includes countries where privacy laws generally allow the use of cookies based on implied consent (opt-out), provided that users receive clear notice and meaningful choices.

In many of these jurisdictions, cookie-specific requirements are less explicit or are interpreted differently than under GDPR. However, enforcement practices and guidance may vary.

Due to this uncertainty, CookieHub recommends evaluating whether opt-in consent is more appropriate for your use case, even if opt-out consent is legally permissible.

Country code / StateNameLaws or regulations
AUAustraliaPrivacy Act 1988
GLGreenlandAct on Processing of Personal Data (2016)
HKHong KongPDPO
MOMacaoPDP Law
NZNew ZealandPrivacy Act 2020
NGNigeriaNDPA 2023
SGSingaporePDPA
ZASouth AfricaPOPI
TWTaiwanPDPA
Last updated on
Automatic cookie blockerLanguages & translations