Cookiewise
Features Pricing Documentation About Contact
Log In Start Free Trial
← Back to Blog
Industry 14 min read

International Privacy Laws: A Global Map of Cookie Regulations

From Brazil's LGPD to South Korea's PIPA - the world is converging on stronger privacy protections. Here's your guide to staying compliant globally.

CW
Cookiewise Team
Published Jan 10, 2025

Privacy regulation is no longer a European phenomenon. Over 140 countries now have data protection laws, and many explicitly regulate cookies and online tracking. If your website has a global audience, understanding this patchwork of legislation is critical.

The Global Privacy Landscape

🇪🇺

European Union - GDPR + ePrivacy

The global gold standard for privacy regulation

Strictest

Cookie requirement: Opt-in consent required before placing any non-essential cookies.

Enforcement: National DPAs across 27 member states. Fines up to €20M / 4% global revenue.

Key detail: The ePrivacy Directive works alongside GDPR specifically for cookies and electronic communications.

🇬🇧

United Kingdom - UK GDPR + PECR

Post-Brexit, maintains GDPR-level standards

Strict

Cookie requirement: Same as GDPR - opt-in consent for non-essential cookies via PECR.

Enforcement: ICO (Information Commissioner's Office). Fines up to £17.5M / 4% global revenue.

Key detail: The ICO has been increasingly active in cookie enforcement since 2023.

🇧🇷

Brazil - LGPD

Latin America's most comprehensive privacy law

Moderate

Cookie requirement: Consent required, but "legitimate interest" basis available for some processing.

Enforcement: ANPD. Fines up to 2% of revenue in Brazil, capped at R$50M per violation.

Key detail: LGPD closely mirrors GDPR but allows slightly more flexibility for legitimate interest.

🇨🇦

Canada - PIPEDA / Bill C-27

Evolving towards GDPR-level requirements

Moderate

Cookie requirement: Meaningful consent required. Implied consent acceptable in some cases.

Enforcement: OPC. Bill C-27 (pending) would introduce fines up to 5% global revenue.

Key detail: Quebec's Law 25 has already introduced stricter opt-in requirements for the province.

🇦🇺

Australia - Privacy Act 1988

Undergoing major reform

Emerging

Cookie requirement: No specific cookie consent law yet, but privacy reforms are imminent.

Enforcement: OAIC. Current fines up to A$50M for serious breaches.

Key detail: The 2024 Privacy Act Review recommends introducing cookie consent requirements.

🇰🇷

South Korea - PIPA

One of Asia's strictest privacy frameworks

Strict

Cookie requirement: Opt-in consent required. Must provide clear notice of data collection.

Enforcement: PIPC. Fines up to 3% of related revenue.

Key detail: South Korea has an EU adequacy decision, reflecting its high standards.

The Convergence Trend

The direction of travel is clear: privacy regulations worldwide are getting stricter, not looser. Countries that currently have weak or no cookie laws are actively developing them. The pragmatic approach is to implement the highest standard (GDPR-level opt-in consent) globally - it future-proofs your compliance and simplifies your tech stack.

Multi-Jurisdiction Strategy

Rather than trying to serve different banners to different regions (error-prone and complex), we recommend a tiered approach:

  1. Default to opt-in - Block non-essential cookies until consent is given. This satisfies the strictest regulations.
  2. Detect jurisdiction when possible - Adjust language and legal references (GDPR for EU, CCPA for California, etc.).
  3. Provide "Do Not Sell" for US visitors - Even if you default to opt-in, include this for CCPA/CPRA compliance.
  4. Maintain global consent records - Log jurisdiction alongside each consent event for audit purposes.

One platform, global compliance

Cookiewise handles multi-jurisdiction compliance so you don't have to.

Start Free Trial