Become compliant with US data protection laws

Make your website or app compliant with the legal requirements for the new US data protection laws

  • Easy to integrate
  • Support for CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), UCPA (Utah), CAPDP (Connecticut), US National Privacy
  • Official support of the new IAB GPP standard
  • Includes „Do not sell“-Link, GPC and more
  • Opt-In or Opt-Out
  • Fully customizable Design
  • Cookie Crawler already integrated
  • Extended reporting

We already helped more than 15,000 websites becoming GDPR- & CCPA-compliant …

Our clients include some of the largest websites and well-known brands in the world.

… and many more.

How do I make my website or app compliant with the new US privacy laws?

If your business is subject to one of the many privacy laws (see the Laws section), you must comply with those laws. In most states this means:

  • Website visitors/app users must be informed about the type, purpose and content of the data processing
  • Website visitors/app users must have the right to object to data processing (opt-out)
  • In certain cases, consent must be obtained prior to data processing (opt-in)
  • Various basic rules apply as to how data may be processed, such as the principle of data minimization, security, transparency or the handling of sensitive data

In many cases this means: An opt-out solution must be installed in the website or app to provide users with the necessary information and enable the opt-out.

… but I’m not processing any personal information!?

One response we hear a lot from US customers is that they don’t actually process any personal information and therefore data protection & privacy laws don’t apply to them. It is important to note here that website and app operators are responsible for the data that is processed on their website or in their app by third parties. Therefore, the data protection laws apply to companies if they meet one of the following conditions:

  • If data is processed for your own purposes, for example via tracking tools such as Google Analytics, Matomo, Hotjar or similar
  • Sharing data with third parties is also a processing step. Data is shared, for example, by integrating a third-party plugin into the website or app. This applies to YouTube videos, Facebook plugins, Google Maps, chat programs or payment providers such as PayPal
  • Whenever advertising is integrated into the website or app, data is automatically transmitted to the advertiser. The transmission is understood as a step in data processing.

While states vary a bit as to when consent to data processing must be given, virtually all data protection laws require an opt-out. In the case of CCPA/CPRA, this must be implemented explicitly by means of a link that says “Do not sell or share my personal information”.

Your 5 steps to compliance

With consentmanager you can easily become compliant with the various US data protection laws:

  1. Register now for free and activate the consentmanager account
  2. Integrate the consentmanager code into your website using copy & paste
  3. Customize the opt-out design as you like
  4. Create & embed the “Do not sell or share my personal information” link
  5. Stay compliant with automatic updates

Recommended by Lawyers and Data Protection Officers …

Ensure compliance with the latest standards: IAB GPP

In order to transparently signal the opt-in or opt-out within the website or app to all integrated tools, plugins and advertising vendors, the so-called GPP Standard was developed by the IAB. IAB GPP stands for Global Privacy Platform and defines various methods and APIs how a CMP (Consent Management Provider, also known as “Cookie Banner” or “Privacy Notice”) can use and communicate consent/opt-in or rejection/opt-out can. The standard is largely based on the IAB TCF standard, which has been used in Europe very successfully for years now and has become a “must-have” for publishers and advertisers. The consentmanager team was significantly involved in the development of the GPP standard, so it is not surprising that consentmanager is the first provider to offer the productive use of IAB GPP.

More info on the background of IAB GPP you can find in our blog post.

Important: Most data protection laws also require that websites and apps can work with “browser signals”. One of these signals is the GPC or “Global Privacy Control” required in California. Luckily with consentmanager, websites and apps don’t have to worry about this topic: The consentmanager solution automatically reacts to browser signals and implements the opt-out automatically.

Why become compliant for US privacy laws now? 

img
Protect your company

CCPA, VCDPA, CAPAP etc. will be effective from 2023 and need to be implemented. The Federal Attorneys General can now impose fines on the basis of these laws – in many cases this has already happened. Don’t hesitate any longer and make your website or app compliant now!

img
Protect your revenues

Advertising companies will rely on the new IAB GPP standard in 2023. In Europe, hardly any advertising is sold without the European TCF standard – in the USA the trend is going in the same direction. If you don’t support the IAB GPP standard, you’re missing out on advertising revenue!

img
Protect your customers

Customers are becoming more critical and are increasingly questioning how companies handle personal information. Companies that do not respect their privacy will lose credibility, customers and sales. Show your customers that you really care about them!

Basic

Free

  • Overview
  • Max. PageViews per month

    5,000
  • Additional PageViews (price per 1000)

    capped
  • Max. Websites/max. Apps

    1
  • GDPR-compliant

  • Designs/Customization
  • Predefined Designs / ready to go

  • Cookie Crawler
  • Crawler per week

    1
  • Support/SLA
  • Support via Ticket

Standard
from

49 €
per month

  • Overview
  • All features of the Basic package plus:

  • PageViews per month included

    1,000,000
  • Additional PageViews (price per 1000)

    0.05 €
  • IAB GPP Standard

  • IAB TCF compatible CMP

  • Max. Websites/max. Apps

    3
  • Designs/Customization
  • All features of the Basic package

  • Create custom designs

    3
  • Cookie Crawler
  • Crawler per day

    10
  • Support/SLA
  • Support via Ticket

  • Support via E-Mail

Agencyfrom

195 €
per month

  • Overview
  • All features of the Standard package plus:

  • PageViews per month included

    10,000,000
  • Additional PageViews (price per 1000)

    0.02 €
  • Max. Websites/max. Apps

    20
  • Designs/Customization
  • All features of the Standard package plus:

  • Create custom designs

    20
  • A/B-Tests and machine learning optimization

  • User accounts
  • All features of the Standard package plus:

  • Additional user accounts

    10
  • Set custom user rights

  • Cookie Crawler
  • Crawler per day

    100
  • Support/SLA
  • Support via Ticket

  • Support via E-Mail

Enterprisefrom

Contact us

  • Overview
  • All features of the Agency package plus:

  • PageViews per month included

    35,000,000
  • Additional PageViews (price per 1000)

    0.02 €
  • Max. Websites/max. Apps

    unlimited
  • Designs/Customization
  • All features of the Agencyy package plus:

  • Custom Designs

    individual
  • User accounts
  • All features of the Agency package plus:

  • Additional user accounts

    individual
  • Set custom user rights

  • Cookie Crawler
  • Crawler per day

    300
  • Support/SLA
  • Support via Ticket

  • Support via E-Mail

  • Support via Telephone

  • Dedicated Support

  • SLA

    99.9%
  • Whitelabel
  • Whitelabel-Solution

  • Removal of consentmanager.net Logo

  • CMP on your own Domain

    What data protection laws are there in the USA?

    Companies that are based in the United States, do business or provide services there, or otherwise deal with US citizens are likely to be subject to one of a variety of privacy laws. Unlike in many other countries, data protection laws in the USA are regulated at state level – until there is a national data protection law. Companies should therefore check whether or which federal laws apply to them. The following privacy laws may apply:

    CCPA / CPRA – California

    CCPA stands for California Consumer Privacy Act and was enacted in 2019. It applies especially in California or in relation to California residents. The “update” to CCPA is CPRA or California Privacy Rights Act. Under the CPRA, some regulations are specified and tightened.

    VCDPA – Virginia

    VCDPA stands for Virginia Consumer Data Protection Act and applies to companies doing business in the state of Virginia or serving residents of that state. VCDPA will be effective from January 1st, 2023 – i.e. since that date it must be implemented by companies at the latest.

    CPA – Colorado

    CPA or Colorado Privacy Act is the privacy law of the state of Colorado. Like Virginia’s VCDPA, this law is effective as of January 1, 2023 and must be implemented by companies located in Colorado or processing data from residents of the state.

    UCPA – Utah

    The data protection law for the state of Utah in the western United States is called the UCPA or Utah Consumer Privacy Act. Unlike the two laws we mentioned before, UCPA will not come into effect until December 31, 2023. This law also affects all companies that process a certain amount of data (here 100,000 per year) from the citizens of the state.

    CAPDP – Connecticut

    CAPDP (sometimes called CTPDP) stands for Connecticut Act Concerning Personal Data Privacy is the federal data protection law in the state of Connecticut. The law will go into effect on July 1, 2023 and will affect companies located in, doing business in, or processing information about citizens of the state of Connecticut.

    US National Privacy

    In addition to the above laws, various other states have their own laws in the works – some of which are expected as early as 2023. In addition, there are different approaches to country-level privacy regulations that apply across the United States.

    FAQ

    California Privacy Rights Act

    Both laws are already active and in force.

    Yes. The general attorney is already handing out fines. The most prominent case so far is that of Sephora with a fine of USD 1.2 million.

    VCDPA stands for Virginia Consumer Data Protection Act

    Colorado Privacy Act

    CPA is into force from 01 January 2023

    Utah Consumer Privacy Act

    UCPA will come into force on 31 December 2023

    CAPDP stands for Connecticut Act Concerning Personal Data Privacy

    The law will come into effect 01 July 2023

    CMP

    Not sure if you need a CMP?

    If you are unsure if your company needs a CMP or not, please get in touch with us – we will help you find the right solution for your company!

    Get In Touch