Skip to content
ProductAgenciesEnterprisePricingTrustBlog

Worldwide regulations

Global privacy coverage without pretending one banner solves every law.

COKIQ now maps the major website consent regions teams ask about: GDPR, UK GDPR, India DPDP, CCPA/CPRA, Brazil LGPD, Canada PIPEDA, South Africa POPIA, Singapore PDPA, Gulf privacy laws, broader APAC, Google Consent Mode v2, and IAB TCF roadmap.

Start free scanView capability status
Available workflow2
Supported with legal review8
Roadmap / framework-specific1

This page is a product capability map, not legal advice or a compliance certificate. Legal wording, jurisdiction applicability, and regulator-specific decisions still need customer-side counsel review where required.

What COKIQ provides

The actual deliverables we can stand behind.

This is the practical coverage customers can expect from COKIQ today. The product helps teams operate consent correctly; it does not replace a lawyer or claim certifications that are not granted.

Website cookie and script scanner
Cookie, pixel, analytics, chat, embed, and third-party tracker inventory
Cookie category review for necessary, analytics, marketing, preferences, and unknown scripts
Consent banner setup with accept, reject, and custom choices
Consent preferences revisit control
Basic non-essential script blocking workflow
Google Consent Mode v2 default and update signal mapping
Consent and preference logs with timestamp, site, category state, region, and policy-version evidence
Cookie policy and privacy policy draft workflow
Policy link checks and policy-version evidence
Monthly or change-based rescan reports
Dashboard compliance snapshot across connected domains
Agency/client portfolio reporting path
Installation support for custom HTML, Google Tag Manager, WordPress, Shopify, WooCommerce, WHMCS, Webflow, Wix, Next.js, React, Vue/Nuxt, and Laravel/PHP
Trust assets: privacy policy, cookie policy, DPA summary, subprocessors, data retention, support policy, security overview, and vendor questionnaire
Managed setup and review handoff for India, Gulf, SMB, agency, SaaS, ecommerce, and enterprise websites

Needs legal or customer review

  • Country-specific legal wording and final attorney sign-off
  • Whether a law applies to a specific customer, industry, revenue threshold, or user base
  • Data Processing Agreement negotiation and customer procurement review
  • Do Not Sell or Share / sensitive-data disclosures for US state privacy programs
  • Arabic, local-language, or sector-specific notices where local counsel requires them
  • Cross-border transfer analysis and regulator-facing legal positions

Not claimed yet

  • IAB TCF production support
  • Google CMP certification
  • SOC 2 or ISO 27001 certification
  • Attorney-issued compliance certificate
  • Automatic country-by-country legal advice
  • Fully localized legal notice library for every jurisdiction

Coverage map

Major privacy laws and what COKIQ can operationalize.

European Union / EEA

GDPR and ePrivacy cookie consent

Available workflow

EU-facing websites usually need prior consent for non-essential cookies, granular choices, easy withdrawal, and evidence of the visitor choice.

Website focus

  • Prior consent before analytics and marketing tags
  • Granular categories and no pre-ticked choices
  • Cookie and privacy policy visibility
  • Consent logs and policy-version evidence

COKIQ support

  • Scanner-led cookie discovery
  • Category-based banner choices
  • Consent Mode v2 mapping
  • Consent logs and reports
Source: European Commission GDPR framework

United Kingdom

UK GDPR and PECR

Supported with legal review

UK cookie compliance combines UK GDPR personal-data duties with PECR rules for storing or accessing information on a user device.

Website focus

  • Clear cookie notice
  • Consent before non-essential cookies
  • Withdrawal path
  • Proof of preferences

COKIQ support

  • Cookie scanner
  • Banner controls
  • Policy links
  • Exportable consent records
Source: UK ICO cookie guidance

India

Digital Personal Data Protection Act, 2023

Available workflow

India DPDP work focuses on clear notice, consent, withdrawal, data principal rights, purpose limitation, and accountability for digital personal data.

Website focus

  • Simple notice and purpose clarity
  • Consent and withdrawal records
  • Grievance/contact route
  • Periodic review of pixels, analytics, forms, and chat widgets

COKIQ support

  • DPDPA page and guide
  • Consent logs tied to policy versions
  • Website scan reports
  • Operational checklist for Indian SMB and agency sites
Source: India Code DPDP Act, 2023

United States

CCPA/CPRA and US state privacy laws

Supported with legal review

US privacy work often centers on notice, opt-out choices, sale/share disclosures, sensitive-data handling, and recurring tracker review.

Website focus

  • Do Not Sell or Share review where applicable
  • Advertising and analytics tracker discovery
  • Privacy policy disclosures
  • Consumer request workflow

COKIQ support

  • CCPA page
  • Tracker and pixel scans
  • Preference evidence
  • Recurring campaign-page reports
Source: California DOJ CCPA overview

Brazil

LGPD

Supported with legal review

Brazil LGPD applies personal-data principles to cookies and tracking where they identify or can relate to a person.

Website focus

  • Specific purpose disclosure
  • Non-essential cookie controls
  • Cookie-policy detail
  • Easy reject and preference management

COKIQ support

  • Cookie inventory
  • Banner category workflow
  • Policy-review evidence
  • Reports for counsel review
Source: Brazil ANPD cookie guidance

Canada

PIPEDA and provincial privacy laws

Supported with legal review

Canadian website privacy work usually requires meaningful consent, purpose clarity, safeguards, access rights, and accountable data handling.

Website focus

  • Meaningful consent language
  • Purpose and third-party disclosure
  • Retention and access request route
  • Cookie and analytics transparency

COKIQ support

  • Policy link checks
  • Cookie category review
  • Consent records
  • Monthly reports
Source: Office of the Privacy Commissioner of Canada

South Africa

POPIA

Supported with legal review

POPIA regulates processing of personal information and requires accountable, purpose-limited handling of personal data collected through digital channels.

Website focus

  • Collection notice
  • Purpose limitation
  • Security safeguards
  • Direct marketing and profiling review

COKIQ support

  • Tracker discovery
  • Consent and preference logging
  • Policy evidence
  • Report exports
Source: South African Government POPIA page

Singapore

PDPA

Supported with legal review

Singapore PDPA sets baseline personal-data protection duties including consent, purpose notification, protection, retention, transfer, and accountability.

Website focus

  • Consent and purpose notice
  • Personal-data cookies and identifiers
  • Withdrawal request path
  • Transfer and retention controls

COKIQ support

  • Banner and policy workflow
  • Cookie scan history
  • Consent logs
  • Operational reports
Source: Singapore PDPC PDPA overview

UAE / Saudi Arabia / Gulf

PDPL-style regional privacy laws

Supported with legal review

Gulf privacy programs need clear notice, lawful basis or consent review, transfer discipline, security controls, and local legal review for market-specific rules.

Website focus

  • Arabic/English notice review where needed
  • Consent and purpose records
  • Cross-border transfer review
  • Marketing pixel and WhatsApp/contact-form audit

COKIQ support

  • Cookie and script scans
  • Consent records
  • Policy-readiness reports
  • Managed setup path for Gulf SMBs
Source: SDAIA Saudi PDPL guide

APAC broader coverage

Australia, New Zealand, Japan, Korea, Thailand, Indonesia, Philippines

Supported with legal review

APAC privacy rules vary by country, but website operations commonly need notice, consent or lawful-basis review, purpose clarity, retention discipline, and user-rights routing.

Website focus

  • Country-specific notice review
  • Tracker and analytics transparency
  • Consent or opt-out controls where relevant
  • Exportable evidence for local counsel

COKIQ support

  • Scan baseline
  • Banner configuration
  • Consent evidence
  • Recurring reports
Source: Singapore PDPC regional baseline reference

Ads and publisher frameworks

Google Consent Mode v2 and IAB TCF

TCF roadmap, Consent Mode available

Advertising and publisher ecosystems add operational requirements on top of legal duties, especially for Google tags, remarketing, conversion tracking, and EU ad serving.

Website focus

  • Google consent defaults and updates
  • ad_user_data and ad_personalization mapping
  • GTM/GA4 verification
  • IAB TCF evaluation for publishers

COKIQ support

  • Consent Mode v2 compatible signals
  • Google-tag readiness checks
  • Install verification
  • IAB TCF on roadmap
Source: Google CMP / Consent Mode policy docs

Implementation discipline

What must be proper everywhere.

COKIQ should keep the same product promise across every market: scan first, control scripts, show clear choices, keep evidence, review changes, and avoid unsupported legal-certification claims.

Regional banner behavior
Country-aware policy wording
Consent Mode v2 defaults
Accept, reject, and custom logs
Policy version evidence
Monthly rescan reports
Customer legal-review notes
Roadmap labels for TCF/certification