Compliance Glossary
Privacy and compliance terms explained in plain language. Understand the concepts behind GDPR, CCPA, cookie consent, and data protection.
Cookie & Tracking (12)
Cookie Consent
Permission obtained from website visitors before setting non-essential cookies on their devices.
Third-Party Cookies
Cookies set by domains other than the website the user is currently visiting, typically used for cross-site tracking and advertising.
First-Party Cookies
Cookies set directly by the website domain that the user is currently visiting.
Tracking Pixels
Tiny invisible images or code snippets embedded in web pages or emails to monitor user behavior and collect analytics data.
Cookie Categories
Classification groups that organize cookies by their purpose, such as necessary, analytics, marketing, and functional.
Session Cookies
Temporary cookies that are automatically deleted when the user closes their web browser.
Persistent Cookies
Cookies that remain stored on a user’s device after the browser is closed, with a defined expiration date.
Cookie Banner
A user interface element displayed on websites to inform visitors about cookie usage and collect their consent preferences.
Cookie Policy
A document that explains what cookies a website uses, why it uses them, and how users can manage their preferences.
Cookie Audit
A systematic review and documentation of all cookies and tracking technologies used by a website.
Browser Fingerprinting
A tracking technique that identifies users by collecting unique combinations of browser and device characteristics without using cookies.
Local Storage Tracking
Using browser localStorage or sessionStorage mechanisms to store tracking data as an alternative to traditional cookies.
Consent & Compliance (10)
Consent Management Platform
Software that manages the collection, storage, and enforcement of user consent for cookies and data processing on websites.
Explicit Consent
Consent that is freely given, specific, informed, and unambiguous, demonstrated through a clear affirmative action by the user.
Implied Consent
Consent that is inferred from a user’s actions or inaction rather than explicitly stated, accepted in some jurisdictions for non-sensitive data.
Legitimate Interest
A legal basis under GDPR that allows data processing without consent when the controller’s interests are not overridden by the data subject’s rights.
Opt-In
A consent model where users must actively agree to data processing or cookie placement before it begins.
Opt-Out
A consent model where data processing begins by default and users must actively refuse or withdraw to stop it.
Consent Record
Documented proof that consent was obtained, including details of when, how, and what the individual consented to.
Granular Consent
The ability for users to accept or reject different categories of cookies or data processing activities individually.
Prior Consent
Consent that must be obtained before any data processing or cookie placement begins, not after.
Consent Withdrawal
A user’s right to revoke previously given consent for data processing at any time, as easily as it was given.
Data Protection (10)
Data Controller
The entity that determines the purposes and means of processing personal data.
Data Processor
An entity that processes personal data on behalf of and under the instructions of a data controller.
Data Subject
An identified or identifiable individual whose personal data is being collected or processed.
Data Protection Officer
A designated person responsible for overseeing an organization’s data protection strategy, practices, and compliance.
Data Protection Impact Assessment
A formal assessment required before processing activities that are likely to result in high risks to individuals’ rights and freedoms.
Data Breach Notification
The legal requirement to report data breaches to supervisory authorities and affected individuals within specified timeframes.
Data Minimization
The principle that organizations should collect and process only the personal data that is strictly necessary for the specified purpose.
Purpose Limitation
The principle that personal data should only be collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes.
Right to Erasure
An individual’s right to request the deletion of their personal data, also known as the right to be forgotten.
Data Subject Access Request
A formal request from an individual to obtain a copy of all personal data an organization holds about them.
Regulations (8)
General Data Protection Regulation (GDPR)
The European Union’s comprehensive data protection law, establishing strict rules for processing personal data and strong individual rights.
California Consumer Privacy Act (CCPA)
California’s landmark privacy law giving consumers the right to know, delete, and opt out of the sale of their personal information.
California Privacy Rights Act (CPRA)
The 2023 amendment to the CCPA that strengthened consumer privacy protections and created the California Privacy Protection Agency.
Personal Information Protection and Electronic Documents Act (PIPEDA)
Canada’s federal privacy law governing how private-sector organizations collect, use, and disclose personal information in commercial activities.
Lei Geral de Proteção de Dados (LGPD)
Brazil’s comprehensive data protection law modeled on the GDPR, establishing rules for processing personal data of individuals in Brazil.
ePrivacy Directive
The EU directive specifically governing electronic communications, cookies, and tracking technologies, working alongside the GDPR.
Protection of Personal Information Act (POPIA)
South Africa’s comprehensive data protection law establishing conditions for lawful processing of personal information.
Global Privacy Control (GPC)
A browser-level signal that communicates a user’s preference to opt out of the sale or sharing of their personal information.