Regions and geo-targeting
One of the powerful features of CookieHub is the ability to adapt consent behavior based on the user’s geographic location.
Using Regions, you can define how consent is collected, which dialog is shown, and which privacy framework applies for users in specific countries or states.
Regions can represent a single country, a U.S. state, or a predefined group of countries with similar privacy requirements. Each region can be configured independently in the CookieHub dashboard.
Note on Regulatory Updates: Privacy regulations are constantly evolving. The region groups listed below reflect the regulatory landscape as of January 2026.
CookieHub actively monitors global privacy laws (such as new U.S. state regulations or updates to international data protection acts) and updates these pre-defined definitions as new laws come into effect. When a new law becomes enforceable, CookieHub automatically updates the relevant region group logic to ensure continued compliance without requiring manual reconfiguration on your part.
Pre-defined regions
GDPR & GDPR-equivalent regions (EU, EEA, UK & similar)
This region includes countries and territories where strict, GDPR-style consent requirements apply.
Users located in these jurisdictions must provide explicit consent (opt-in) before non-essential cookies or similar technologies are used.
The group covers the European Union (EU), European Economic Area (EEA), the United Kingdom, and other jurisdictions with GDPR-equivalent consent expectations, such as Switzerland and certain European overseas territories.
This region is typically used when full compliance with GDPR, ePrivacy-style rules, and equivalent national laws is required.
| Country code | Name | Laws or regulations |
|---|---|---|
| AX | Åland Islands | GDPR |
| AT | Austria | GDPR |
| BE | Belgium | GDPR |
| BG | Bulgaria | GDPR |
| HR | Croatia | GDPR |
| CY | Cyprus | GDPR |
| CZ | Czechia | GDPR |
| DK | Denmark | GDPR |
| EE | Estonia | GDPR |
| FO | Faroe Islands | Act on Processing of Personal Data (2020) |
| FI | Finland | GDPR |
| FR | France | GDPR |
| GF | French Guiana | GDPR |
| PF | French Polynesia | CNIL |
| DE | Germany | GDPR |
| GI | Gibraltar | Gibraltar GDPR |
| GR | Greece | GDPR |
| GP | Guadeloupe | GDPR |
| HU | Hungary | GDPR |
| IS | Iceland | GDPR |
| IE | Ireland | GDPR |
| IT | Italy | GDPR |
| LV | Latvia | GDPR |
| LI | Liechtenstein | GDPR |
| LT | Lithuania | GDPR |
| LU | Luxembourg | GDPR |
| MT | Malta | GDPR |
| MQ | Martinique | GDPR |
| YT | Mayotte | GDPR |
| MC | Monaco | Law No. 1.565 of 3 Dec 2024 |
| NL | Netherlands | GDPR |
| NC | New Caledonia | CNIL |
| NO | Norway | GDPR |
| PN | Pitcairn | UK GDPR |
| PL | Poland | GDPR |
| PT | Portugal | GDPR |
| RE | Réunion | GDPR |
| RO | Romania | GDPR |
| BL | Saint Barthélemy | GDPR |
| MF | Saint Martin (French part) | GDPR |
| PM | Saint Pierre and Miquelon | GDPR |
| SM | San Marino | Law No. 171/2018 |
| SK | Slovakia | GDPR |
| SI | Slovenia | GDPR |
| ES | Spain | GDPR |
| SJ | Svalbard and Jan Mayen | GDPR |
| SE | Sweden | GDPR |
| CH | Switzerland | revFADP |
| GB | United Kingdom | UK GDPR |
| WF | Wallis and Futuna | CNIL |
US (“Do not sell or share” states)
This region includes U.S. states with comprehensive privacy laws that grant users the right to opt out of the sale or sharing of personal data, including data used for targeted advertising.
In these states, CookieHub typically presents a “Do not sell or share my personal data” option and honors applicable opt-out signals in accordance with state law.
This region is intended for compliance with laws such as the California Consumer Privacy Act (CCPA/CPRA) and other state-level privacy frameworks with similar requirements.
| State | Name | Laws or regulations |
|---|---|---|
| US-CA | California | CPRA |
| US-CO | Colorado | CPA |
| US-CT | Connecticut | CTDPA |
| US-DE | Delaware | DPDPA |
| US-IN | Indiana | ICDPA |
| US-IA | Iowa | ICDPA |
| US-KY | Kentucky | KCDPA |
| US-MD | Maryland | MODPA |
| US-MN | Minnesota | MCDPA |
| US-MT | Montana | MTCDPA |
| US-NE | Nebraska | NDPA |
| US-NV | Nevada | SB 220 |
| US-NH | New Hampshire | NHPA |
| US-NJ | New Jersey | NJDPA |
| US-OR | Oregon | OCPA |
| US-RI | Rhode Island | RIDTPPA |
| US-TN | Tennessee | TIPA |
| US-TX | Texas | TDPSA |
| US-UT | Utah | UCPA |
| US-VA | Virginia | VCDPA |
US (Recommended opt-out states)
This region includes U.S. states that do not currently have comprehensive privacy laws equivalent to CCPA/CPRA, but where opt-out consent and transparency are recommended based on consumer protection laws, regulatory guidance, or enforcement trends.
While explicit opt-in consent is generally not required in these states, providing clear notice and opt-out mechanisms is considered best practice and may reduce legal and reputational risk.
| State | Name | Laws or regulations |
|---|---|---|
| AS | American Samoa | FTC Jurisdiction |
| US-DC | District of Columbia | DCDPA |
| US-FL | Florida | FDBR |
| GU | Guam | FTC Jurisdiction |
| US-IL | Illinois | Broad privacy + consent expectations (outside BIPA) |
| US-MA | Massachusetts | Consumer protection / privacy expectations |
| US-NY | New York | Consumer protection / privacy expectations |
| MP | Northern Mariana Islands | FTC Jurisdiction |
| US-PA | Pennsylvania | Consumer protection / privacy expectations |
| PR | Puerto Rico | FTC Jurisdiction |
| VI | Virgin Islands (U.S.) | FTC Jurisdiction |
| US-WA | Washington | Consent-heavy laws (data-type specific, no sale/share) |
Recommended opt-in (excluding EU/EEA/UK/US)
This region includes countries outside the EU, EEA, UK, and United States where privacy laws or regulatory guidance generally require explicit consent (opt-in) for the use of cookies or similar tracking technologies.
These jurisdictions often have comprehensive data protection laws inspired by or aligned with GDPR principles, even if they are not part of the European regulatory framework.
CookieHub recommends using opt-in consent in these countries to ensure compliance with local privacy expectations and enforcement practices.
| Country code | Name | Laws or regulations |
|---|---|---|
| AL | Albania | Law No. 9887/2008 |
| DZ | Algeria | Law 18-07 |
| AD | Andorra | LQPD |
| AR | Argentina | Law 25,326 |
| BY | Belarus | Personal Data Protection, 2021 |
| BA | Bosnia and Herzegovina | Law on Protection of Personal Data |
| BR | Brazil | LGPD |
| IO | British Indian Ocean Territory | GDPR-inspired local framework |
| CA | Canada | PIPEDA |
| CL | Chile | Law 19.628 |
| CN | China | PIPL |
| CO | Colombia | Law 1581 |
| CR | Costa Rica | Law 8968 |
| CI | Côte d’Ivoire | Law No. 2013-450 |
| EC | Ecuador | Organic Law on Personal Data Protection |
| EG | Egypt | Personal Data Protection Law No. 151/2020 |
| GH | Ghana | Data Protection Act 2012 |
| GG | Guernsey | Data Protection (Bailiwick of Guernsey) |
| VA | Holy See | General Regulation on Personal Data Protection |
| IN | India | DPDP |
| ID | Indonesia | PDP Law 2022 |
| IM | Isle of Man | Data Protection Act 2018 |
| IL | Israel | Protection of Privacy Law |
| JP | Japan | APPI |
| JE | Jersey | Data Protection (Jersey) Law 2018 |
| KE | Kenya | Data Protection Act 2019 |
| MY | Malaysia | PDPA |
| MU | Mauritius | Data Protection Act 2017 |
| MX | Mexico | LFPDPPP |
| MD | Moldova, Republic of | Law No. 133/2011 (Personal Data Protection) |
| ME | Montenegro | Personal Data Protection Law (2018; GDPR-alignment track) |
| MA | Morocco | Law 09-08 |
| MZ | Mozambique | Law No. 22/2014 (Personal Data Protection) |
| MK | North Macedonia | Law on Personal Data Protection (effective 2020) |
| PA | Panama | Law 81 |
| PY | Paraguay | Law 6534 |
| PE | Peru | Law 29733 |
| PH | Philippines | Data Privacy Act |
| QA | Qatar | PDP Law |
| RU | Russian Federation | Federal Law 152-FZ |
| RW | Rwanda | Law No. 058/2021 |
| SA | Saudi Arabia | PDPL |
| SN | Senegal | Law No. 2008-12 |
| RS | Serbia | Law on Personal Data Protection (87/2018) |
| KR | South Korea | PIPA |
| LK | Sri Lanka | Personal Data Protection Act |
| TZ | Tanzania | Personal Data Protection Act 2022 |
| TH | Thailand | PDPA |
| TN | Tunisia | Organic Law No. 2004-63 |
| TR | Turkey | PDPL/KVKK |
| UG | Uganda | Data Protection and Privacy Act 2019 |
| UA | Ukraine | Law No. 2297-VI |
| AE | United Arab Emirates | UAE Federal PDPL |
| UY | Uruguay | Law 18.331 |
| VN | Vietnam | PDP Decree |
| ZM | Zambia | Data Protection Act 2021 |
| ZW | Zimbabwe | Data Protection Act 2021 |
Recommended opt-out (excluding EU/EEA/UK/US)
This region includes countries where privacy laws generally allow the use of cookies based on implied consent (opt-out), provided that users receive clear notice and meaningful choices.
In many of these jurisdictions, cookie-specific requirements are less explicit or are interpreted differently than under GDPR. However, enforcement practices and guidance may vary.
Due to this uncertainty, CookieHub recommends evaluating whether opt-in consent is more appropriate for your use case, even if opt-out consent is legally permissible.
| Country code / State | Name | Laws or regulations |
|---|---|---|
| AU | Australia | Privacy Act 1988 |
| GL | Greenland | Act on Processing of Personal Data (2016) |
| HK | Hong Kong | PDPO |
| MO | Macao | PDP Law |
| NZ | New Zealand | Privacy Act 2020 |
| NG | Nigeria | NDPA 2023 |
| SG | Singapore | PDPA |
| ZA | South Africa | POPI |
| TW | Taiwan | PDPA |
Predefined regions (before 2026)
CookieHub provides predefined region groups for quick setup.
Europe
Includes all EU and EEA member states, the UK, and Switzerland. These countries generally require explicit consent under GDPR or equivalent laws.
| Country code | Name | Laws or regulations |
|---|---|---|
| AT | Austria | GDPR |
| BE | Belgium | GDPR |
| BG | Bulgaria | GDPR |
| HR | Croatia | GDPR |
| CY | Cyprus | GDPR |
| CZ | Czechia | GDPR |
| DK | Denmark | GDPR |
| EE | Estonia | GDPR |
| FO | Faroe Islands | GDPR |
| FI | Finland | GDPR |
| FR | France | GDPR |
| DE | Germany | GDPR |
| GR | Greece | GDPR |
| GL | Greenland | GDPR |
| HU | Hungary | GDPR |
| IS | Iceland | GDPR |
| IE | Ireland | GDPR |
| IT | Italy | GDPR |
| LV | Latvia | GDPR |
| LI | Liechtenstein | GDPR |
| LT | Lithuania | GDPR |
| LU | Luxembourg | GDPR |
| MT | Malta | GDPR |
| NL | Netherlands | GDPR |
| NO | Norway | GDPR |
| PL | Poland | GDPR |
| PT | Portugal | GDPR |
| RO | Romania | GDPR |
| SK | Slovakia | GDPR |
| SI | Slovenia | GDPR |
| ES | Spain | GDPR |
| SE | Sweden | GDPR |
| CH | Switzerland | revFADP |
| GB | United Kingdom | UK GDPR |
US states
Includes all states with active privacy laws requiring cookie notices and opt-out controls.
| State code | Name | Laws or regulations |
|---|---|---|
| CA | California | CPRA |
| CO | Colorado | CPA |
| CT | Connecticut | CTDPA |
| NV | Nevada | SB 220 |
| UT | Utah | UCPA |
| VA | Virginia | VCDPA |
| FL | Florida | FDBR |
| OR | Oregon | OCPA |
| TX | Texas | TDPSA |
| MT | Montana | MTCDPA |
Other countries (opt-in)
Countries where privacy laws require explicit consent.
| Country code | Name | Laws or regulations |
|---|---|---|
| AR | Argentina | PDPA |
| BR | Brazil | LGPD |
| IN | India | DPDP |
| JP | Japan | APPI |
| MX | Mexico | LFPDPPP |
| TR | Turkey | PDPL/KVKK |
Other countries (opt-out)
Countries where a cookie notice is required and opt-out may be allowed.
When requirements are unclear, we recommend using explicit consent globally.
| Country code | Name | Laws or regulations |
|---|---|---|
| CA | Canada | PIPEDA |
| CN | China | PIPL |
| HK | Hong Kong | PDPO |
| NZ | New Zealand | Privacy Act 2020 |
| NG | Nigeria | NDPR |
| SG | Singapore | PDPA |
| ZA | South Africa | POPIA |
| KR | South Korea | PIPA |