Iubenda logo
Start generating

Documentation

Table of Contents

GDPR & Cookies: EU vs US

Does the GDPR and Cookie law apply to US websites

Us-based websites / apps

Does the GDPR apply to US websites?

If you have or target EU-based users, GDPR protections will apply to those users. In such cases, you must comply with GDPR requirements, but only as it relates to your EU-based users. Keep in mind that you have EU-based users as long as EU-based users can access your site or app – as even IP address is considered to be personal data under the GDPR.

Does EU cookie law apply to US websites? Is cookie consent required in the US?

If you have EU based users and you have cookies running on your site (most popular site integrations and widgets use cookies) then informed consent must be freely given by those EU-based users before any cookies are run. This typically means having a cookie notice in place and blocking cookie scripts from executing until consent is collected. If the user refuses to grant consent, then cookies should not be run. All relevant disclosures related to the use of cookies should be made available to users via an up-to-date cookie policy.

You do not need to comply with the ePrivacy/Cookie law if you do not have EU-based users accessing your site (i.e they are blocked from accessing your website) or you do not have any cookies running on your site.

Does CalOPPA apply to all US websites?

CalOPPA applies to all websites that target or have California-based users. Therefore, you must comply with the state of California’s CalOPPA if California-based users access your site.

Does the CCPA apply to all US websites?

No, the CCPA does not necessarily apply to all US websites. However, you may need to comply with California’s CCPA if California-based users can visit your website and you qualify as a “business” under the CCPA.

EU-based websites / apps

Does the GDPR apply to all EU-based websites?

Yes, if you’re an EU-based entity, you must comply with GDPR requirements, and grant GDPR protections to all your users – including those based in other countries, e.g the US.

What about the UK? Will the GDPR apply after Brexit?

It’s a bit difficult to say. Currently GDPR requirements still apply to UK-based businesses and it seems likely that similar rules will apply after Brexit. Do keep in mind that the GDPR applies if you have EU-based users – whether the country you’re based in is within the EU or not. You can read more on Brexit and the GDPR here.

Is consent for cookies always required under Cookie Law?

Under the ePrivacy/ Cookie Law, informed consent must be freely given by the user before any non-exempt cookies are run. Few cookies fall into the very narrow category of “exempt” so it’s best to err on the side of caution in this regard.

Does CalOPPA apply to EU websites?

CalOPPA applies to all websites that target or have California-based users. Therefore, you must comply with the US state of California’s CalOPPA if California-based users access your site.

Does the CCPA apply to EU websites?

No, the CCPA does not necessarily apply to all EU websites. However, you may need to comply with California’s CCPA if California-based users can visit your website and you qualify as a “business” under the CCPA.

Everything you need to know about
compliance in one course!

In our free Intro to Online Compliance email course you’ll learn:

  • Online Compliance basics
  • Which laws apply to you
  • How to comply

This easy-to-understand course is suitable
for all knowledge levels.

Sign up for the 7-part series below.

No strings attached. Unsubscribe anytime.
We won’t send you any emails other than the course, unless you later sign up for more.
For further details, review our Privacy Policy.

About us

iubenda

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.

www.iubenda.com

See also