Become compliant with US data protection laws
Make your website or app compliant with the legal requirements for the new US data protection laws
- Easy to integrate
- Support for CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), UCPA (Utah), CAPDP (Connecticut), US National Privacy
- Official support of the new IAB GPP standard
- Includes „Do not sell“-Link, GPC and more
- Opt-In or Opt-Out
- Fully customizable Design
- Cookie Crawler already integrated
- Extended reporting

We already helped more than 15,000 websites becoming GDPR- & CCPA-compliant …
Our clients include some of the largest websites and well-known brands in the world.
… and many more.

How do I make my website or app compliant with the new US privacy laws?
If your business is subject to one of the many privacy laws (see the Laws section), you must comply with those laws. In most states this means:
- Website visitors/app users must be informed about the type, purpose and content of the data processing
- Website visitors/app users must have the right to object to data processing (opt-out)
- In certain cases, consent must be obtained prior to data processing (opt-in)
- Various basic rules apply as to how data may be processed, such as the principle of data minimization, security, transparency or the handling of sensitive data
In many cases this means: An opt-out solution must be installed in the website or app to provide users with the necessary information and enable the opt-out.
… but I’m not processing any personal information!?
One response we hear a lot from US customers is that they don’t actually process any personal information and therefore data protection & privacy laws don’t apply to them. It is important to note here that website and app operators are responsible for the data that is processed on their website or in their app by third parties. Therefore, the data protection laws apply to companies if they meet one of the following conditions:
- If data is processed for your own purposes, for example via tracking tools such as Google Analytics, Matomo, Hotjar or similar
- Sharing data with third parties is also a processing step. Data is shared, for example, by integrating a third-party plugin into the website or app. This applies to YouTube videos, Facebook plugins, Google Maps, chat programs or payment providers such as PayPal
- Whenever advertising is integrated into the website or app, data is automatically transmitted to the advertiser. The transmission is understood as a step in data processing.
While states vary a bit as to when consent to data processing must be given, virtually all data protection laws require an opt-out. In the case of CCPA/CPRA, this must be implemented explicitly by means of a link that says “Do not sell or share my personal information”.
Your 5 steps to compliance
With consentmanager you can easily become compliant with the various US data protection laws:
- Register now for free and activate the consentmanager account
- Integrate the consentmanager code into your website using copy & paste
- Customize the opt-out design as you like
- Create & embed the “Do not sell or share my personal information” link
- Stay compliant with automatic updates

Recommended by Lawyers and Data Protection Officers …
Ensure compliance with the latest standards: IAB GPP
In order to transparently signal the opt-in or opt-out within the website or app to all integrated tools, plugins and advertising vendors, the so-called GPP Standard was developed by the IAB. IAB GPP stands for Global Privacy Platform and defines various methods and APIs how a CMP (Consent Management Provider, also known as “Cookie Banner” or “Privacy Notice”) can use and communicate consent/opt-in or rejection/opt-out can. The standard is largely based on the IAB TCF standard, which has been used in Europe very successfully for years now and has become a “must-have” for publishers and advertisers. The consentmanager team was significantly involved in the development of the GPP standard, so it is not surprising that consentmanager is the first provider to offer the productive use of IAB GPP.
More info on the background of IAB GPP you can find in our blog post.
Important: Most data protection laws also require that websites and apps can work with “browser signals”. One of these signals is the GPC or “Global Privacy Control” required in California. Luckily with consentmanager, websites and apps don’t have to worry about this topic: The consentmanager solution automatically reacts to browser signals and implements the opt-out automatically.
Why become compliant for US privacy laws now?

Protect your company
CCPA, VCDPA, CAPAP etc. will be effective from 2023 and need to be implemented. The Federal Attorneys General can now impose fines on the basis of these laws – in many cases this has already happened. Don’t hesitate any longer and make your website or app compliant now!

Protect your revenues
Advertising companies will rely on the new IAB GPP standard in 2023. In Europe, hardly any advertising is sold without the European TCF standard – in the USA the trend is going in the same direction. If you don’t support the IAB GPP standard, you’re missing out on advertising revenue!

Protect your customers
Customers are becoming more critical and are increasingly questioning how companies handle personal information. Companies that do not respect their privacy will lose credibility, customers and sales. Show your customers that you really care about them!
Basic
Free
- Overview
Max. PageViews per month
5,000Additional PageViews (price per 1000)
cappedMax. Websites/max. Apps
1GDPR-compliant
- Designs/Customization
Predefined Designs / ready to go
- Cookie Crawler
Crawler per week
1
- Support/SLA
Support via Ticket
Standard
from
49 €
per month
- Overview
All features of the Basic package plus:
PageViews per month included
1,000,000Additional PageViews (price per 1000)
0.05 €IAB GPP Standard
IAB TCF compatible CMP
Max. Websites/max. Apps
3
- Designs/Customization
All features of the Basic package
Create custom designs
3
- Cookie Crawler
Crawler per day
10
- Support/SLA
Support via Ticket
Support via E-Mail
Agencyfrom
195 €
per month
- Overview
All features of the Standard package plus:
PageViews per month included
10,000,000Additional PageViews (price per 1000)
0.02 €Max. Websites/max. Apps
20
- Designs/Customization
All features of the Standard package plus:
Create custom designs
20A/B-Tests and machine learning optimization
- User accounts
All features of the Standard package plus:
Additional user accounts
10Set custom user rights
- Cookie Crawler
Crawler per day
100
- Support/SLA
Support via Ticket
Support via E-Mail
Enterprisefrom
Contact us
- Overview
All features of the Agency package plus:
PageViews per month included
35,000,000Additional PageViews (price per 1000)
0.02 €Max. Websites/max. Apps
unlimited
- Designs/Customization
All features of the Agencyy package plus:
Custom Designs
individual
- User accounts
All features of the Agency package plus:
Additional user accounts
individualSet custom user rights
- Cookie Crawler
Crawler per day
300
- Support/SLA
Support via Ticket
Support via E-Mail
Support via Telephone
Dedicated Support
SLA
99.9%
- Whitelabel
Whitelabel-Solution
Removal of consentmanager.net Logo
CMP on your own Domain
What data protection laws are there in the USA?
Companies that are based in the United States, do business or provide services there, or otherwise deal with US citizens are likely to be subject to one of a variety of privacy laws. Unlike in many other countries, data protection laws in the USA are regulated at state level – until there is a national data protection law. Companies should therefore check whether or which federal laws apply to them. The following privacy laws may apply:
CCPA / CPRA – California
CCPA stands for California Consumer Privacy Act and was enacted in 2019. It applies especially in California or in relation to California residents. The “update” to CCPA is CPRA or California Privacy Rights Act. Under the CPRA, some regulations are specified and tightened.
VCDPA – Virginia
VCDPA stands for Virginia Consumer Data Protection Act and applies to companies doing business in the state of Virginia or serving residents of that state. VCDPA will be effective from January 1st, 2023 – i.e. since that date it must be implemented by companies at the latest.
CPA – Colorado
CPA or Colorado Privacy Act is the privacy law of the state of Colorado. Like Virginia’s VCDPA, this law is effective as of January 1, 2023 and must be implemented by companies located in Colorado or processing data from residents of the state.
UCPA – Utah
The data protection law for the state of Utah in the western United States is called the UCPA or Utah Consumer Privacy Act. Unlike the two laws we mentioned before, UCPA will not come into effect until December 31, 2023. This law also affects all companies that process a certain amount of data (here 100,000 per year) from the citizens of the state.
CAPDP – Connecticut
CAPDP (sometimes called CTPDP) stands for Connecticut Act Concerning Personal Data Privacy is the federal data protection law in the state of Connecticut. The law will go into effect on July 1, 2023 and will affect companies located in, doing business in, or processing information about citizens of the state of Connecticut.
US National Privacy
In addition to the above laws, various other states have their own laws in the works – some of which are expected as early as 2023. In addition, there are different approaches to country-level privacy regulations that apply across the United States.
FAQ
What does CPRA stand for?
California Privacy Rights Act
When will CCPA / CPRA come into force?
Both laws are already active and in force.
Are there already fines / penalties due to CCPA / CPRA?
Yes. The general attorney is already handing out fines. The most prominent case so far is that of Sephora with a fine of USD 1.2 million.
What does VCDPA stand for?
VCDPA stands for Virginia Consumer Data Protection Act
From when will VCDPA apply? When will VCDPA come into force?
VCDPA will apply from 01 January 2023
What does CPA stand for?
Colorado Privacy Act
From when will CPA apply? When will CPA come into force?
CPA is into force from 01 January 2023
What does UCPA stand for?
Utah Consumer Privacy Act
From when will UCPA apply? When will UCPA come into force?
UCPA will come into force on 31 December 2023
What does CAPDP stand for?
CAPDP stands for Connecticut Act Concerning Personal Data Privacy
From when will CAPDP apply? When will CAPDP come into force?
The law will come into effect 01 July 2023