Iubenda logo
Start generating


Table of Contents

🎯 Make your site compliant with new U.S. Privacy Laws

2 new US privacy laws become effective on January 1st:

👉 CPRA in California
👉 VCDPA in Virginia
Colorado, Connecticut and Utah are next.

🚀 With iubenda, you can meet these regulations & receive automatic updates to stay on top of what comes next.

📌 What is required for 2023? 

These U.S. laws require you, among others, to:

  1. Provide your users with a Privacy Policy including specific details. For example, you now need to disclose some additional information, such as new users’ rights and describe your data processing practices.
  2. Enable your users to opt out of the processing for certain purposes (sale, targeted advertising and sharing, among others).
  3. VCDPA only Enable your users to opt-in to the processing of their sensitive data, for example, geolocation data.
  4. CPRA only Show users the required notice at collection to inform them, among others, about the categories of personal information that are collected, the purposes of collection, and whether this information is sold or shared.
Does it apply to me?

  • VCDPA applies to organizations that conduct business in Virginia or provide products/services to Virginia persons.
  • CPRA is an amendment to the CCPA and adds new requirements for legal entities that gather personal data from California residents.
  • Not doing business in Virginia or California? Be aware that privacy compliance is becoming increasingly popular among legislators. New laws will soon be enforced in other states. With iubenda, you comply with existing requirements and automatically receive updates to stay on top of future regulations.

How do I comply?

📌 Within the Privacy and Cookie Policy Generator

Either generate your U.S. Privacy Policy or update your existing policy by clicking “Enable disclosures for users residing in the United States” to activate the new US-specific clauses.

📌 Within the Privacy Controls and Cookie Solution

Once you complete the previous step, the Privacy Controls and Cookie Solution will auto-configure to meet the new US requirements allowing your users to opt-out. If you are not using our Privacy Policy, simply select the regions where you’re based while configuring the Privacy Controls and Cookie Solution.

Anything else I should know?

👉 We’ve added usage-based pricing to our Privacy Controls and Cookie Solution to support the new U.S. regulations.
👉 If your website exceeds 25,000 monthly page views, simply choose the plan that best applies to your site’s monthly traffic.

Why the premium features?

We dramatically increased the complexity of our solution to meet current state-level legislations, including what comes next.

  • The Privacy Controls and Cookie Solution now allows you to tag scripts to handle U.S. opt-out requests.
  • iubenda is now among the few providers compatible with GPP & GPC, making it easier to honor these opt-out requests without tagging scripts.
  • The solution now adds a footer widget to your site allowing U.S. users to opt-out from processing.
  • A Consent Banner will also display to collect an opt-in if the user is sharing sensitive data (geolocation data, bank account numbers, etc.). This banner provides the ability to consent or reject to the use of this data.