US Privacy
IAB GPP: Implement US data protection laws in a legally compliant manner
Make your website or app compliant with the legal requirements for the new US data protection laws.
- Easy to integrate
- Supports CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), UCPA (Utah), CAPDP (Connecticut), US National Privacy, among others
- Official support of the new IAB GPP standard
- Including “Do not sell”, GPC and other functions
- Opt In or Opt Out
- Customizable design
- Cookie crawler already integrated
- Extensive reporting
We have already helped more than 25,000 websites to comply with GDPR, TTDSG & ePrivacy
Our clients include some of the biggest websites and best known brands in the world.
… and many more.
How do I make my website or app compliant with the new US privacy laws?
If your business falls under one of the many privacy laws (see the Laws section), you must comply with those laws. In most states this means:
- Website visitors/app users must be informed about the type, purpose and content of the data processing
- Website visitors/app users must have the right to object to data processing (opt-out)
- In certain cases, consent must be obtained prior to data processing (opt-in)
- Various basic rules apply to how data may be processed, such as the principle of data minimization, security, transparency or the handling of sensitive data
Specifically, this means in most cases: An opt-out solution must be installed on the website or app in order to provide users with the necessary information and enable the opt-out.

NEED FOR US PRIVACY COMPLIANCE
… but I’m not processing any data at all!?
One response we hear a lot from US customers is that they don’t actually process any data and therefore data protection laws don’t apply to them.
It is important to note here that website and app operators are responsible for the data that is processed on their website or in their app . Therefore, the data protection laws apply in particular to companies if they meet one of the following conditions:
1. If data is processed for our own purposes , for example via tracking tools such as Google Analytics, Matomo, Hotjar or similar
2. Sharing data with third parties is also a processing step. Data is shared, for example, by integrating a third-party plugin into the website or app. This applies to YouTube videos, Facebook plugins, Google Maps, chat programs or payment providers such as PayPal
3. Whenever advertising is integrated into the website or app, data is automatically transmitted to the advertiser . The transmission is understood as a step in data processing.
While states differ a bit on when consent to data processing must be given, virtually all data protection laws require opt-out. In the case of CCPA/CPRA, this must be implemented explicitly by means of a link that says “Do not sell or share my personal information”.
Become compliant in 5 steps
With consentmanager you can easily become compliant with the various US data protection laws:
- 1. Register now for free and activate the consentmanager account
- 2. Integrate the consentmanager code into your website using copy & paste
- 3. Adapt the opt-out design to your wishes
- 4. Create & integrate the “Do not sell or share my personal information” link
- 5. Stay compliant thanks to automatic updates
Recommended by lawyers and data protection officers
The new standard AB GPP
Make websites secure with new standards: IAB GPP
In order to transparently signal the opt-in or opt-out within the website or app to all integrated tools, plugins and advertising providers, the so-called IAB GPP standard was developed by the IAB.
GPP stands for Global Privacy Platform and defines various methods and interfaces such as a CMP (Consent Management Provider, also known as “Cookie Banner” or “Privacy Notice”) that record and communicate consent/opt-in or rejection/opt-out can. The standard is largely based on the IAB TCF standard, which has been used successfully in Europe for years and has become a must for publishers and advertisers.
The consentmanager team was significantly involved in the development of the GPP standard, so it is not surprising that consentmanager is the first provider to offer the productive use of IAB GPP.
You can also find more about GPP in our blog .Important: Most data protection laws also require that website operators and app operators can respond to “browser signals”. One of these signals is the GPC or “Global Privacy Control” required in California. With consentmanager, websites and apps don’t have to worry about happiness: The consentmanager solution automatically reacts to browser signals and implements the opt-out automatically.
Why become compliant for US privacy laws now?
Protection for your business
CCPA, VCDPA, CAPAP etc. will be effective from 2023 and must be implemented. The Federal Attorneys General can now impose fines on the basis of laws – in many cases this has already happened. Don’t hesitate any longer and make your website or app compliant now!
Protection for your earnings
Advertising companies will rely on the new IAB GPP standard in 2023. In Europe, hardly any advertising is sold without the European standard – in the USA the trend is going in the same direction. If you don’t support the IAB GPP standard, you’re missing out on advertising revenue!
Protection for your customers
Customers are becoming more critical and are increasingly questioning how companies handle data. Companies that do not respect their privacy lose credibility, customers and sales. Show your customers that you really care about them!
Only pay for what you use
Our flexible pricing model
The consentmanager CMP is inexpensive and available with a flexible model: You only pay for what you use!
Basic
a website or app
- 5,000 views / month incl.
- GDPR Compliant
- Premade Designs
- 1 crawl/week
- Support: tickets
-
additional Views bookable -
IAB TCF compatible CMP -
IAB GPP standard -
A/B testing & optimization -
additional user accounts
Beginner
a website or app
- 100,000 views / month incl.
- additional Views:0.1 € / 1000
- GDPR Compliant
- Customizable designs
- 3 crawls/day
- Support: tickets
-
A/B testing & optimization -
IAB TCF compatible CMP -
IAB GPP standard -
additional user accounts
Standard
3 websites or apps
- 1 million views / month incl.
- additional Views:0.05 € / 1000
- GDPR Compliant
- IAB TCF compatible CMP
- IAB GPP standard
- Customizable designs
- A/B testing & optimization
- 10 crawls/day
- Support: Ticket & Email
-
additional user accounts
Agency
20 websites or apps
- 10 million views / month incl.
- additional Views:0.02 € / 1000
- GDPR Compliant
- IAB TCF compatible CMP
- IAB GPP standard
- Customizable designs
- A/B testing & optimization
- 100 crawls/day
- 10 additional user accounts
- Support: Ticket, email & phone
-
Personal account manager
Enterprise
- Any Views / Month
- additional Views:0.02 € / 1000
- GDPR Compliant
- IAB TCF compatible CMP
- IAB GPP standard
- Customizable designs
- A/B testing & optimization
- Any crawls/day
- any add. user accounts
- Support: Ticket, email & phone
- Personal account manager
These are the important US privacy norms
What data protection laws are there in the US?
Companies that are based in the United States, do business or provide services there, or otherwise deal with US citizens are likely to be subject to one of a variety of privacy laws.
Unlike in many other countries, data protection laws in the USA are regulated at the state level – until there is a national data protection law. Companies should therefore check whether or which federal laws apply to them. Specifically, these could be:
CCPA / CPRA – California
CCPA stands for California Consumer Privacy Act and was enacted in 2019. It applies especially in California or in relation to California residents. The “update” to CCPA is CPRA or California Privacy Rights Act. Under the CPRA, some regulations are specified and tightened.
VCDPA—Virginia
VCDPA stands for Virginia Consumer Data Protection Act and refers to companies doing business in the state of Virginia or serving residents of that state. VCDPA will be “effective” from January 1st, 2023 – ie it has to be implemented by companies since that date at the latest.
CPA—Colorado
CPA or Colorado Privacy Act is the privacy law of the state of Colorado. Like Virginia’s VCDPA, this law is effective as of January 1, 2023 and must be implemented by companies located in Colorado or processing data from residents of the state.
UCPA-Utah
The data protection law for the state of Utah in the western United States is called the UCPA or Utah Consumer Privacy Act. Unlike the two aforementioned laws, UCPA will not come into effect until December 31, 2023. This law also affects all companies that process a certain amount of data (here 100,000 per year) from the citizens of the state.
CAPDP—Connecticut
CAPDP (partly CTPDP) stands for Connecticut Act Concerning Personal Data Privacy is the federal data protection law in the state of Connecticut. The law will go into effect on July 1, 2023 and will affect companies located in, doing business in, or processing information about citizens of the state of Connecticut.
U.S. National Privacy
In addition to the aforementioned laws, various other states have their own laws in the works – some of which are expected as early as 2023. In addition, there are different approaches to country-level privacy regulations that apply across the United States.
frequently asked Questions
Not sure if you need a CMP?
To help you with things like GDPR, CMP and consent, we’ve rounded up the most common questions here.
The law will come into force on July 1, 2023
CAPDP (sometimes also CTPDP) stands for Connecticut Act Concerning Personal Data Privacy.
UCPA will become effective on December 31, 2023.
Utah Consumer Privacy Act.
CPA is effective from January 01, 2023.
Colorado Privacy Act.
VCDPA effective January 01, 2023.
VCDPA stands for Virginia Consumer Data Protection Act.
Yes. The federal prosecutor is already diligently handing out fines. The most prominent case so far is that of Sephora with a fine of USD 1.2 million.
The laws have already come into force.
California Privacy Rights Act
California Consumer Privacy Act
Please note that we cannot provide legal advice. Some points of this FAQ may also change over time or be interpreted differently by courts. That’s why you should always consult your lawyer!