US Privacy

IAB GPP: Implement US data protection laws in a legally compliant manner

Make your website or app compliant with the legal requirements for the new US data protection laws.

  • Easy to integrate
  • Supports CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), UCPA (Utah), CAPDP (Connecticut), US National Privacy, among others
  • Official support of the new IAB GPP standard
  • Including “Do not sell”, GPC and other functions
  • Opt In or Opt Out
  • Customizable design
  • Cookie crawler already integrated
  • Extensive reporting
Test it now Book a call
CMP Consent Management

We have already helped more than 25,000 websites to comply with GDPR, TTDSG & ePrivacy

Our clients include some of the biggest websites and best known brands in the world.

Logo Travian Games
Logo Sächsisch Böhmische Schweiz
Logo connect
Matratzen Concord Logo
Logo Network N
Lokalkompass.de Logo
Bauer Frischluft Logo
Joblocal Logo
Logo magiac
RTVI Logo
Logo Hit Radio FFH
Falke Logo
Dewezet
Wormser Zeitung Logo
Sourceforge Logo
SeDenne Logo
Leipziger Messe logo
TÜV Nord Logo
generix Logo
Schäffer Logo
Deka
Logo
Thüringer Allgemeine Logo
Revier Sport Logo
Gelbe Seiten Logo
Kicks
Adinplay Logo
Logo inFranken
ON Online
Echo Logo
Logo Glenveagh
engelhorn Logo
Logo Täglicher Anzeiger
Sportplatz Media Logo
Bimago
sportkeeda Logo
Nordbayern Logo
SGH
München Klinik Logo
Gothaer Logo
Logo Oldenburg
Braunschweiger Zeitung Logo
Logo rabbit
Hildesheimer Allgemeine Zeitung Logo
Logo DHI
Rainbow
Logo Arminia Bielefeld
DocMorris Logo
Omnikron Logo
Logo Travel24
slashdot
Avoxa
Logo Wirtschafts Kurier
visit Berlin Logo
Absolventa Logo
Der Tagesspiegel Logo
Burlington Logo
Logo möbel massiv
minimum Logo
Aponeo
Dorint Logo
cove Logo
Winkler Logo
Tageblatt Logo
Logo Löwe
Logo bevestor
Logo sipgate
Logo Radio Harmony
Logo Nordrheinwestfalen
NDZ.de Logo
Vogel Logo
Logo Pepperl und Fuchs
Lampenwelt Logo
Fietsersbong Logo
abc nyheter Logo
Vattenfall Logo
Spar
BVG Logo
hyScore logo
LZ.de Logo
Logo Best Western
Logo A&O
Logo Ostfriesenland
synonymer.cc Logo
Neue Westfälische Logo
Derag Logo
Via
Sparkasse Bremen Logo
Tageblatt.de Logo
Stadtwerke Gmünd Logo
NRZ Logo
Logo netpointmedia
Logo EDB Singapore
heute wohnen Logo
Logo Landkreiß Gießen
Ringier Axel Springer
Logo Hamburg Süd
home
Logo Planet Radio
Hamburger Abendblatt Logo
Adtiger Logo
Coop
Develey Logo
Life of Svea Logo
Logo Evertz Pharma
Deutsche See Fischmanufaktur Logo
medpex Logo
Wiesbadener Kurier Logo
Windener Tageblatt Logo
Biofarm
Operan
Getränke Hoffmann Logo
Berliner Morgenpost
Del2 Logo
Parade Logo
Ahlens
Die Zeit Logo
Shirtinator Logo
SZLZ.de Logo
Logo DZB Bank
Thüringen24 Logo
B Logo
Logo Quoka
Porty Lotnicze
Romika Logo
UKE
pyrondo Logo
Ruhr24
Logo 1. FCN
WAZ Logo
Butlers Logo
Riess Ambiente Logo
Logo IVZ
Westfalenpost Logo
Parade Media
Lufthansa Industry Solutions Logo
PWN
Style Breaker Loge
Heinze
Logo NZZ
burgdigital Logo
Goslarsche.de Logo
eizo Logo
Schuhe.de Logo
GA Online
Logo TT-Line
Subaru Logo
Gießener Anzeiger Logo
Living Hotels Logo
Logo Deutscher Ärzteverlag
tyda.se Logo
Aporot Logo
Logo St Peter-Ording
Soma 2 Logo
Virail
Mitsubishi Motors Logo
Schrankwerk Logo
OZ Online
Pirscher Logo
Josef Seibel Logo
Logo Niedersachsen
Zukunftsregion Westpfalz
startsiden/ Logo
Logo dhb
Der Westen Logo
Polo
Logo The European
Wempe Logo
Coffee Makers Logo
Logo
Haller Kreisblatt Logo
Svenskfotboll
Rundschau Logo
relish Logo
Allgemeine Zeitung Logo
adclick Logo
Landeszeitung Logo
Wetzlarer Neue Zeitung Logo
Logo Digitas
Sylt Logo
Logo PC MAgazin
radio Bochum Logo
Alpin Logo
Monsterzeug Logo
AzubiYo Logo
Funke Digital Logo

… and many more.

How do I make my website or app compliant with the new US privacy laws?

If your business falls under one of the many privacy laws (see the Laws section), you must comply with those laws. In most states this means:

  • Website visitors/app users must be informed about the type, purpose and content of the data processing
  • Website visitors/app users must have the right to object to data processing (opt-out)
  • In certain cases, consent must be obtained prior to data processing (opt-in)
  • Various basic rules apply to how data may be processed, such as the principle of data minimization, security, transparency or the handling of sensitive data

Specifically, this means in most cases: An opt-out solution must be installed on the website or app in order to provide users with the necessary information and enable the opt-out.

Test your site
Test it now Book a call
Consent-Lösung TTDSG-, DSGVO-/ePrivacy und CCPA-konform werden können

NEED FOR US PRIVACY COMPLIANCE

… but I’m not processing any data at all!?

One response we hear a lot from US customers is that they don’t actually process any data and therefore data protection laws don’t apply to them.

  • It is important to note here that website and app operators are responsible for the data that is processed on their website or in their app . Therefore, the data protection laws apply in particular to companies if they meet one of the following conditions:

  • 1. If data is processed for our own purposes , for example via tracking tools such as Google Analytics, Matomo, Hotjar or similar

  • 2. Sharing data with third parties is also a processing step. Data is shared, for example, by integrating a third-party plugin into the website or app. This applies to YouTube videos, Facebook plugins, Google Maps, chat programs or payment providers such as PayPal

  • 3. Whenever advertising is integrated into the website or app, data is automatically transmitted to the advertiser . The transmission is understood as a step in data processing.

  • While states differ a bit on when consent to data processing must be given, virtually all data protection laws require opt-out. In the case of CCPA/CPRA, this must be implemented explicitly by means of a link that says “Do not sell or share my personal information”.

Book a call
Test it now

Become compliant in 5 steps

With consentmanager you can easily become compliant with the various US data protection laws:

  • 1. Register now for free and activate the consentmanager account
  • 2. Integrate the consentmanager code into your website using copy & paste
  • 3. Adapt the opt-out design to your wishes
  • 4. Create & integrate the “Do not sell or share my personal information” link
  • 5. Stay compliant thanks to automatic updates
Test it now Book a call

Recommended by lawyers and data protection officers

Händlerbund Logo
Datenschutzexperte.de
Logo Recht 24-7
Go Professional Logo
Spirit Legal Logo
Jura Forum Logo
eRecht 24 Logo
One GDPR Schriftzug
media.net Berlinbrandenburg Logo
Logo IT Kanzlei Utz
Handelsverband BW Logo
it-recht kanzlei München

The new standard AB GPP

Make websites secure with new standards: IAB GPP

In order to transparently signal the opt-in or opt-out within the website or app to all integrated tools, plugins and advertising providers, the so-called IAB GPP standard was developed by the IAB.

  • GPP stands for Global Privacy Platform and defines various methods and interfaces such as a CMP (Consent Management Provider, also known as “Cookie Banner” or “Privacy Notice”) that record and communicate consent/opt-in or rejection/opt-out can. The standard is largely based on the IAB TCF standard, which has been used successfully in Europe for years and has become a must for publishers and advertisers.

  • The consentmanager team was significantly involved in the development of the GPP standard, so it is not surprising that consentmanager is the first provider to offer the productive use of IAB GPP.
    You can also find more about GPP in our blog .

  • Important: Most data protection laws also require that website operators and app operators can respond to “browser signals”. One of these signals is the GPC or “Global Privacy Control” required in California. With consentmanager, websites and apps don’t have to worry about happiness: The consentmanager solution automatically reacts to browser signals and implements the opt-out automatically.

  • Use GPP and GPC now

Why become compliant for US privacy laws now?

Protection for your business

CCPA, VCDPA, CAPAP etc. will be effective from 2023 and must be implemented. The Federal Attorneys General can now impose fines on the basis of laws – in many cases this has already happened. Don’t hesitate any longer and make your website or app compliant now!

Protection for your earnings

Advertising companies will rely on the new IAB GPP standard in 2023. In Europe, hardly any advertising is sold without the European standard – in the USA the trend is going in the same direction. If you don’t support the IAB GPP standard, you’re missing out on advertising revenue!

Protection for your customers

Customers are becoming more critical and are increasingly questioning how companies handle data. Companies that do not respect their privacy lose credibility, customers and sales. Show your customers that you really care about them!

Only pay for what you use

Our flexible pricing model

The consentmanager CMP is inexpensive and available with a flexible model: You only pay for what you use!

Basic

0
Permanently free for
a website or app
  • 5,000 views / month incl.
  • GDPR Compliant
  • Premade Designs
  • 1 crawl/week
  • Support: tickets
  • additional Views bookable
  • IAB TCF compatible CMP
  • IAB GPP standard
  • A/B testing & optimization
  • additional user accounts
Join Now

Beginner

19
Monthly for
a website or app
  • 100,000 views / month incl.
  • additional Views:0.1  / 1000
  • GDPR Compliant
  • Customizable designs
  • 3 crawls/day
  • Support: tickets
  • A/B testing & optimization
  • IAB TCF compatible CMP
  • IAB GPP standard
  • additional user accounts
Join Now!
Very popular

Standard

49
Monthly for up to
3 websites or apps
  • 1 million views / month incl.
  • additional Views:0.05  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • 10 crawls/day
  • Support: Ticket & Email
  • additional user accounts
Join Now!

Agency

195
Monthly for up to
20 websites or apps
  • 10 million views / month incl.
  • additional Views:0.02  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • 100 crawls/day
  • 10 additional user accounts
  • Support: Ticket, email & phone
  • Personal account manager
Join Now!

Enterprise

On demand
Monthly price by individual agreement
  • Any Views / Month
  • additional Views:0.02  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • Any crawls/day
  • any add. user accounts
  • Support: Ticket, email & phone
  • Personal account manager
Join Now!

These are the important US privacy norms

What data protection laws are there in the US?

Companies that are based in the United States, do business or provide services there, or otherwise deal with US citizens are likely to be subject to one of a variety of privacy laws.

  • Unlike in many other countries, data protection laws in the USA are regulated at the state level – until there is a national data protection law. Companies should therefore check whether or which federal laws apply to them. Specifically, these could be:

  • CCPA / CPRA – California

    CCPA stands for California Consumer Privacy Act and was enacted in 2019. It applies especially in California or in relation to California residents. The “update” to CCPA is CPRA or California Privacy Rights Act. Under the CPRA, some regulations are specified and tightened.

  • VCDPA—Virginia

    VCDPA stands for Virginia Consumer Data Protection Act and refers to companies doing business in the state of Virginia or serving residents of that state. VCDPA will be “effective” from January 1st, 2023 – ie it has to be implemented by companies since that date at the latest.

  • CPA—Colorado

    CPA or Colorado Privacy Act is the privacy law of the state of Colorado. Like Virginia’s VCDPA, this law is effective as of January 1, 2023 and must be implemented by companies located in Colorado or processing data from residents of the state.

  • UCPA-Utah

    The data protection law for the state of Utah in the western United States is called the UCPA or Utah Consumer Privacy Act. Unlike the two aforementioned laws, UCPA will not come into effect until December 31, 2023. This law also affects all companies that process a certain amount of data (here 100,000 per year) from the citizens of the state.

  • CAPDP—Connecticut

    CAPDP (partly CTPDP) stands for Connecticut Act Concerning Personal Data Privacy is the federal data protection law in the state of Connecticut. The law will go into effect on July 1, 2023 and will affect companies located in, doing business in, or processing information about citizens of the state of Connecticut.

  • U.S. National Privacy

    In addition to the aforementioned laws, various other states have their own laws in the works – some of which are expected as early as 2023. In addition, there are different approaches to country-level privacy regulations that apply across the United States.

frequently asked Questions

Not sure if you need a CMP?

To help you with things like GDPR, CMP and consent, we’ve rounded up the most common questions here.

The law will come into force on July 1, 2023

CAPDP (sometimes also CTPDP) stands for Connecticut Act Concerning Personal Data Privacy.

UCPA will become effective on December 31, 2023.

Utah Consumer Privacy Act.

CPA is effective from January 01, 2023.

Colorado Privacy Act.

VCDPA effective January 01, 2023.

VCDPA stands for Virginia Consumer Data Protection Act.

Yes. The federal prosecutor is already diligently handing out fines. The most prominent case so far is that of Sephora with a fine of USD 1.2 million.

The laws have already come into force.

California Privacy Rights Act

California Consumer Privacy Act

Please note that we cannot provide legal advice. Some points of this FAQ may also change over time or be interpreted differently by courts. That’s why you should always consult your lawyer!

Book a call
Test it now