Supported privacy laws

CookieHub supports a wide range of privacy and cookie laws using configurable consent models and framework integrations. This page lists the main regulations and how CookieHub helps you comply, based on the expected consent approach in each jurisdiction.

CookieHub provides support for:

Opt-in consent (explicit consent required before tracking)
Opt-out consent (tracking allowed until user opts out)
Signal-based privacy controls (e.g., Global Privacy Control)

When in doubt, we recommend using explicit opt-in for the highest level of compliance.

Opt-in consent laws

These jurisdictions require websites to obtain explicit consent before setting non-essential cookies or processing personal data.

Country Code	Name	Law or Regulation
AT	Austria	GDPR
BE	Belgium	GDPR
BG	Bulgaria	GDPR
HR	Croatia	GDPR
CY	Cyprus	GDPR
CZ	Czechia	GDPR
DK	Denmark	GDPR
EE	Estonia	GDPR
FI	Finland	GDPR
FR	France	GDPR
DE	Germany	GDPR
GR	Greece	GDPR
HU	Hungary	GDPR
IS	Iceland	GDPR
IE	Ireland	GDPR
IT	Italy	GDPR
LV	Latvia	GDPR
LI	Liechtenstein	GDPR
LT	Lithuania	GDPR
LU	Luxembourg	GDPR
MT	Malta	GDPR
NL	Netherlands	GDPR
NO	Norway	GDPR
PL	Poland	GDPR
PT	Portugal	GDPR
RO	Romania	GDPR
SK	Slovakia	GDPR
SI	Slovenia	GDPR
ES	Spain	GDPR
SE	Sweden	GDPR
GB	United Kingdom	UK GDPR
CH	Switzerland	revFADP
BR	Brazil	LGPD
JP	Japan	APPI
SG	Singapore	PDPA
IN	India	DPDP
TR	Turkey	KVKK (PDPL)
AR	Argentina	PDPA
MX¹	Mexico	LFPDPPP

¹ Mexico’s law does not explicitly regulate cookies, but opt-in is recommended for best practice.

Opt-out consent laws

These jurisdictions allow cookies by default if users are clearly informed and can opt out.

Country Code	Name	Law or Regulation
CA	Canada	PIPEDA
CN	China	PIPL
HK	Hong Kong	PDPO
NZ	New Zealand	Privacy Act 2020
NG	Nigeria	NDPR
ZA	South Africa	POPIA
KR	South Korea	PIPA

⚠ Many of these laws are broad and not cookie-specific. CookieHub recommends opt-in globally when requirements are unclear.

US state laws (opt-out with controls)

Several US states require opt-out options for personal data use. CookieHub supports these laws using the IAB Global Privacy Platform (GPP).

State Code	Name	Law or Regulation
CA	California	CPRA
CO	Colorado	CPA
CT	Connecticut	CTDPA
NV	Nevada	SB 220
UT	Utah	UCPA
VA	Virginia	VCDPA
FL	Florida	FDBR
OR	Oregon	OCPA
TX	Texas	TDPSA
MT	Montana	MTCDPA

CookieHub also supports the “Do Not Sell or Share My Personal Information” link where required.

Consent frameworks used by CookieHub

CookieHub Choices
Default framework for opt-in or general cookie compliance (GDPR, LGPD, PDPA, APPI).
IAB GPP
Used for US state privacy laws to support opt-out controls and vendor signaling.
IAB TCF 2.2
Available when you need vendor-level consent for advertising in the EU/UK.

Unless you enable TCF 2.2, CookieHub Choices is used by default to block or allow scripts based on categories and user consent.

Signal-based privacy support

CookieHub respects standardized user privacy signals, such as:

Signal	Description
Global Privacy Control (GPC)	Users sending a GPC signal are opted out of selling/sharing personal data under US laws.

Consent signaling integrations

CookieHub integrates with external frameworks and APIs:

Integration	Description
Google Consent Mode v2	Enabled by default. Maps categories to Google consent parameters.
IAB GPP	Used for US privacy law compliance. Sends structured signals to vendors.
IAB TCF 2.2	Used for EU/EEA compliance. Generates TCF strings for vendors.
Google Additional Consent Mode	Adds consent signaling for Google ATPs outside the IAB GVL.
Microsoft UET Consent Mode	Optional. Adjusts Microsoft Ads tracking based on consent.

Recommendations

If you operate globally, use explicit opt-in unless you are certain a more permissive model is allowed.
Use CookieHub’s geo-targeting to apply different consent models per country or region.
For setup details, see:
- Preconfigured settings
- Consent frameworks overview