DPO Radio
AesirX Privacy Laws Hub
AESIRX Privacy Laws Hub
Find the latest information on consent rules and global data privacy laws.
Browse Topics
Quick Search
Find legal details by country/state in one click.
GDPR
ePD
UK
Denmark
Germany
Norway
Spain
France
Vietnam
India
Brazil
California
Privacy Laws Directory
Global Laws and Regulations
Explore the directory to find privacy laws and consent rules
Directive 2002/58/EC (ePrivacy Directive) (EUR-Lex).
https://eur-lex.europa.eu/eli/dir/2002/58/oj/eng
https://eur-lex.europa.eu/eli/dir/2002/58/oj/eng
Regulation (EU) 2016/679 (GDPR) (EUR-Lex).
https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
EDPB Guidelines 2/2023 on the technical scope of Article 5(3) ePrivacy Directive (final).
https://www.edpb.europa.eu/system/files/2024-10/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_v2_en_0.pdf
https://www.edpb.europa.eu/system/files/2024-10/edpb_guidelines_202302_technical_scope_art_53_eprivacydirective_v2_en_0.pdf
EU DPAs (GDPR) - European Commission directory:
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
ePrivacy Directive competent authorities (cookies/terminal access enforcement varies by country):
https://digital-strategy.ec.europa.eu/en/library/list-personal-data-protection-competent-authorities
https://digital-strategy.ec.europa.eu/en/library/list-personal-data-protection-competent-authorities
EDPB “Our Members” (EU DPAs + EDPS + EEA EFTA DPAs):
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
In several Member States, the ePrivacy ‘terminal equipment’ rule (cookies and similar technologies) is supervised by a telecom/electronic communications authority, while GDPR aspects are supervised by the DPA. For completeness, we list both.Österreichische Datenschutzbehörde (DSB)
https://dsb.gv.at/
https://dsb.gv.at/
DSB - FAQ “Datenschutz & Cookies”
https://dsb.gv.at/faqs/datenschutz-cookies
https://dsb.gv.at/faqs/datenschutz-cookies
National ePrivacy implementation (official legal portal - RIS)
https://www.ris.bka.gv.at/
https://www.ris.bka.gv.at/
Rundfunk und Telekom Regulierungs-GmbH (RTR)
https://www.rtr.at/en/
https://www.rtr.at/en/
Gegevensbeschermingsautoriteit / Autorité de protection des données (APD/GBA)
https://www.dataprotectionauthority.be/
https://www.dataprotectionauthority.be/
APD/GBA - Cookies hub
https://www.dataprotectionauthority.be/cookies
https://www.dataprotectionauthority.be/cookies
APD/GBA - Cookie checklist (page)
https://www.dataprotectionauthority.be/cookie-checklist
https://www.dataprotectionauthority.be/cookie-checklist
APD/GBA - Cookie checklist (PDF)
https://www.dataprotectionauthority.be/index.php/publications/checklist-cookies.pdf
https://www.dataprotectionauthority.be/index.php/publications/checklist-cookies.pdf
National ePrivacy implementation (official legal portal - eJustice / Moniteur belge)
http://www.ejustice.just.fgov.be/loi/loi.htm
http://www.ejustice.just.fgov.be/loi/loi.htm
Belgian Institute for Postal Services and Telecommunications (BIPT/IBPT)
https://www.bipt.be/en
https://www.bipt.be/en
Commission for Personal Data Protection (CPDP)
https://www.cpdp.bg/en/
https://www.cpdp.bg/en/
National ePrivacy implementation (official legal portal - State Gazette)
https://dv.parliament.bg/
https://dv.parliament.bg/
Communications Regulation Commission (CRC)
https://www.crc.bg/en
https://www.crc.bg/en
Croatian Personal Data Protection Agency (AZOP)
https://azop.hr/en/
https://azop.hr/en/
National ePrivacy implementation (official legal portal - Narodne novine)
https://narodne-novine.nn.hr/
https://narodne-novine.nn.hr/
Croatian Regulatory Authority for Network Industries (HAKOM)
https://www.hakom.hr/en
https://www.hakom.hr/en
Office of the Commissioner for Personal Data Protection
https://www.dataprotection.gov.cy/
https://www.dataprotection.gov.cy/
National ePrivacy implementation (official legal portal - Cyprus Law Commissioner)
http://www.cylaw.org/
http://www.cylaw.org/
Office of the Commissioner of Electronic Communications and Postal Regulation (OCECPR)
https://ocecpr.ee.cy/
https://ocecpr.ee.cy/
Office for Personal Data Protection (ÚOOÚ)
https://www.uoou.cz/en/
https://www.uoou.cz/en/
National ePrivacy implementation (official legal portal - Zákony.gov.cz)
https://zakony.gov.cz/
https://zakony.gov.cz/
Czech Telecommunication Office (ČTÚ)
https://www.ctu.cz/en/
https://www.ctu.cz/en/
Danish Data Protection Agency (Datatilsynet)
https://www.datatilsynet.dk/
https://www.datatilsynet.dk/
Danish Data Protection Agency (Datatilsynet) - Cookies & similar technologies
https://www.datatilsynet.dk/regler-og-vejledning/cookies-og-lignende-teknologier
https://www.datatilsynet.dk/regler-og-vejledning/cookies-og-lignende-teknologier
Agency for Digital Government (Digitaliseringsstyrelsen / DIGST)
https://digst.dk/
https://digst.dk/
Agency for Digital Government (Digitaliseringsstyrelsen / DIGST) - Cookievejledningen
https://digst.dk/sikkerhed/digitale-tilsyn/sporingsteknologiomraadet/cookievejledningen/
https://digst.dk/sikkerhed/digitale-tilsyn/sporingsteknologiomraadet/cookievejledningen/
Joint guidance (DIGST + Datatilsynet) (PDF)
https://digst.dk/media/oy1btb02/faellesvejledning-med-datatilsynet.pdf
https://digst.dk/media/oy1btb02/faellesvejledning-med-datatilsynet.pdf
National ePrivacy implementation (official legal portal - Retsinformation)
https://www.retsinformation.dk/
https://www.retsinformation.dk/
Estonian Data Protection Inspectorate (AKI)
https://www.aki.ee/en/
https://www.aki.ee/en/
AKI - Cookies (page)
https://www.aki.ee/en/cookies
https://www.aki.ee/en/cookies
National ePrivacy implementation (official legal portal - Riigi Teataja)
https://www.riigiteataja.ee/en/
https://www.riigiteataja.ee/en/
Consumer Protection and Technical Regulatory Authority (TTJA)
https://www.ttja.ee/en
https://www.ttja.ee/en
Office of the Data Protection Ombudsman
https://tietosuoja.fi/en/
https://tietosuoja.fi/en/
Traficom (ePrivacy enforcement) - Cookies & similar technologies (PDF)
https://www.traficom.fi/sites/default/files/media/file/Cookies_guidance.pdf
https://www.traficom.fi/sites/default/files/media/file/Cookies_guidance.pdf
National ePrivacy implementation (official legal portal - Finlex)
https://www.finlex.fi/en/
https://www.finlex.fi/en/
CNIL - Cookies & trackers (hub)
https://www.cnil.fr/fr/cookies-et-autres-traceurs
https://www.cnil.fr/fr/cookies-et-autres-traceurs
CNIL - “Guidelines” (PDF)
https://www.cnil.fr/sites/cnil/files/atoms/files/lignes_directrices_de_la_cnil_sur_les_cookies_et_autres_traceurs.pdf
https://www.cnil.fr/sites/cnil/files/atoms/files/lignes_directrices_de_la_cnil_sur_les_cookies_et_autres_traceurs.pdf
CNIL - “Recommendation” (PDF)
https://www.cnil.fr/sites/cnil/files/atoms/files/recommandation_cookies_et_autres_traceurs.pdf
https://www.cnil.fr/sites/cnil/files/atoms/files/recommandation_cookies_et_autres_traceurs.pdf
National ePrivacy implementation (official legal portal - Légifrance)
https://www.legifrance.gouv.fr/
https://www.legifrance.gouv.fr/
ARCEP (telecom regulator)
https://www.arcep.fr/
https://www.arcep.fr/
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
https://www.bfdi.bund.de/EN/Home/home_node.html
https://www.bfdi.bund.de/EN/Home/home_node.html
TTDSG (official federal law portal)
https://www.gesetze-im-internet.de/ttdsg/
https://www.gesetze-im-internet.de/ttdsg/
German telecom law (TKG) (official portal)
https://www.gesetze-im-internet.de/tkg_2021/
https://www.gesetze-im-internet.de/tkg_2021/
Datenschutzkonferenz (DSK) - Orientierungshilfe “Einwilligungsbanner” (PDF)
https://www.datenschutzkonferenz-online.de/media/oh/20211220_orientierungshilfe_einwilligungsbanner.pdf
https://www.datenschutzkonferenz-online.de/media/oh/20211220_orientierungshilfe_einwilligungsbanner.pdf
National ePrivacy implementation (official legal portal - Gesetze im Internet)
https://www.gesetze-im-internet.de/
https://www.gesetze-im-internet.de/
Hellenic Data Protection Authority (HDPA)
https://www.dpa.gr/en/
https://www.dpa.gr/en/
HDPA - Guidelines on cookies & similar technologies
https://www.dpa.gr/en/press/guidelines-use-cookies-and-similar-technologies
https://www.dpa.gr/en/press/guidelines-use-cookies-and-similar-technologies
National ePrivacy implementation (official legal portal - National Printing Office)
https://www.et.gr/
https://www.et.gr/
Hellenic Authority for Communication Security and Privacy (ADAE)
https://adae.gov.gr/en/
https://adae.gov.gr/en/
National Authority for Data Protection and Freedom of Information (NAIH)
https://www.naih.hu/
https://www.naih.hu/
National ePrivacy implementation (official legal portal - National Legislation Database)
https://njt.hu/
https://njt.hu/
National Media and Infocommunications Authority (NMHH)
https://www.nmhh.hu/en
https://www.nmhh.hu/en
Data Protection Commission (DPC)
https://www.dataprotection.ie/
https://www.dataprotection.ie/
DPC - Guidance on cookies and other tracking technologies
https://www.dataprotection.ie/en/dpc-guidance/guidance-on-cookies-and-other-tracking-technologies
https://www.dataprotection.ie/en/dpc-guidance/guidance-on-cookies-and-other-tracking-technologies
National ePrivacy implementation (official legal portal - Irish Statute Book)
https://www.irishstatutebook.ie/
https://www.irishstatutebook.ie/
Garante per la protezione dei dati personali
https://www.garanteprivacy.it/
https://www.garanteprivacy.it/
Garante - Cookie guidelines (Docweb)
https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9677876
https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9677876
National ePrivacy implementation (official legal portal - Normattiva)
https://www.normattiva.it/
https://www.normattiva.it/
Data State Inspectorate (DVI)
https://www.dvi.gov.lv/en/
https://www.dvi.gov.lv/en/
National ePrivacy implementation (official legal portal - Likumi.lv)
https://likumi.lv/
https://likumi.lv/
Public Utilities Commission (SPRK)
https://www.sprk.gov.lv/en
https://www.sprk.gov.lv/en
State Data Protection Inspectorate (VDAI)
https://vdai.lrv.lt/en/
https://vdai.lrv.lt/en/
National ePrivacy implementation (official legal portal - e-TAR)
https://www.e-tar.lt/
https://www.e-tar.lt/
Communications Regulatory Authority (RRT)
https://www.rrt.lt/en/
https://www.rrt.lt/en/
National Data Protection Commission (CNPD)
https://cnpd.public.lu/en/
https://cnpd.public.lu/en/
CNPD - Cookies (thematic page)
https://cnpd.public.lu/fr/dossiers-thematiques/cookies.html
https://cnpd.public.lu/fr/dossiers-thematiques/cookies.html
National ePrivacy implementation (official legal portal - Legilux)
https://legilux.public.lu/
https://legilux.public.lu/
Information and Data Protection Commissioner (IDPC)
https://idpc.org.mt/
https://idpc.org.mt/
National ePrivacy implementation (official legal portal - Legislation Malta)
https://legislation.mt/
https://legislation.mt/
Malta Communications Authority (MCA)
https://www.mca.org.mt/
https://www.mca.org.mt/
Autoriteit Persoonsgegevens (AP)
https://autoriteitpersoonsgegevens.nl/
https://autoriteitpersoonsgegevens.nl/
AP - Tracking cookies
https://autoriteitpersoonsgegevens.nl/themas/internet-slimme-apparaten-cookies/cookies/tracking-cookies
https://autoriteitpersoonsgegevens.nl/themas/internet-slimme-apparaten-cookies/cookies/tracking-cookies
AP - Clear cookie banners
https://autoriteitpersoonsgegevens.nl/themas/internet-slimme-apparaten-cookies/cookies/heldere-cookie-banners
https://autoriteitpersoonsgegevens.nl/themas/internet-slimme-apparaten-cookies/cookies/heldere-cookie-banners
National ePrivacy implementation (official legal portal - Wetten.overheid.nl)
https://wetten.overheid.nl/
https://wetten.overheid.nl/
Authority for Consumers and Markets (ACM)
https://www.acm.nl/en
https://www.acm.nl/en
Dutch Authority for Digital Infrastructure (RDI)
https://www.rdi.nl/
https://www.rdi.nl/
Personal Data Protection Office (UODO)
https://uodo.gov.pl/en
https://uodo.gov.pl/en
National ePrivacy implementation (official legal portal - ISAP Sejm)
https://isap.sejm.gov.pl/
https://isap.sejm.gov.pl/
Office of Electronic Communications (UKE)
https://uke.gov.pl/en/
https://uke.gov.pl/en/
Comissão Nacional de Proteção de Dados (CNPD)
https://www.cnpd.pt/
https://www.cnpd.pt/
National ePrivacy implementation (official legal portal - Diário da República)
https://dre.pt/
https://dre.pt/
Autoridade Nacional de Comunicações (ANACOM)
https://www.anacom.pt/
https://www.anacom.pt/
National Supervisory Authority for Personal Data Processing (ANSPDCP)
https://www.dataprotection.ro/
https://www.dataprotection.ro/
National ePrivacy implementation (official legal portal - Legislatie Just)
https://legislatie.just.ro/
https://legislatie.just.ro/
National Authority for Management and Regulation in Communications (ANCOM)
https://www.ancom.ro/en/
https://www.ancom.ro/en/
Office for Personal Data Protection of the Slovak Republic
https://dataprotection.gov.sk/
https://dataprotection.gov.sk/
National ePrivacy implementation (official legal portal - Slov-Lex)
https://www.slov-lex.sk/
https://www.slov-lex.sk/
Regulatory Authority for Electronic Communications and Postal Services (Teleoff)
https://www.teleoff.gov.sk/en/
https://www.teleoff.gov.sk/en/
Information Commissioner (IP-RS)
https://www.ip-rs.si/en/
https://www.ip-rs.si/en/
National ePrivacy implementation (official legal portal - PISRS)
http://pisrs.si/Pis.web/
http://pisrs.si/Pis.web/
Agency for Communication Networks and Services (AKOS)
https://www.akos-rs.si/en/
https://www.akos-rs.si/en/
Agencia Española de Protección de Datos (AEPD)
https://www.aepd.es/
https://www.aepd.es/
AEPD - Cookie guide (PDF)
https://www.aepd.es/guias/guia-cookies.pdf
https://www.aepd.es/guias/guia-cookies.pdf
National ePrivacy implementation (official legal portal - BOE)
https://www.boe.es/
https://www.boe.es/
National Commission on Markets and Competition (CNMC)
https://www.cnmc.es/en
https://www.cnmc.es/en
Swedish Authority for Privacy Protection (IMY)
https://www.imy.se/other-lang/in-english/
https://www.imy.se/other-lang/in-english/
IMY - cookie-banner enforcement example (news)
https://www.imy.se/nyheter/imy-riktar-kritik-mot-foretags-kakbanners/
https://www.imy.se/nyheter/imy-riktar-kritik-mot-foretags-kakbanners/
Swedish Post and Telecom Authority (PTS) - Cookies guidance
https://pts.se/internet-och-telefoni/kakor-cookies/
https://pts.se/internet-och-telefoni/kakor-cookies/
PTS - Guiding decisions (cookies)
https://pts.se/internet-och-telefoni/kakor-cookies/vagledande-beslut/
https://pts.se/internet-och-telefoni/kakor-cookies/vagledande-beslut/
National ePrivacy implementation (official legal portal - Riksdagen laws)
https://www.riksdagen.se/sv/dokument-och-lagar/
https://www.riksdagen.se/sv/dokument-och-lagar/
Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), Regulation 6.
https://www.legislation.gov.uk/uksi/2003/2426/regulation/6
https://www.legislation.gov.uk/uksi/2003/2426/regulation/6
Information Commissioner’s Office (ICO)
https://ico.org.uk/
https://ico.org.uk/
ICO: Cookies and similar technologies (overview).
https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/
https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/
Data Protection Act 2018 (UK legislation).
https://www.legislation.gov.uk/ukpga/2018/12/contents
https://www.legislation.gov.uk/ukpga/2018/12/contents
UK Government: overview of the UK’s data protection legislation (UK GDPR + DPA 2018).
https://www.gov.uk/data-protection
https://www.gov.uk/data-protection
Lov om elektronisk kommunikasjon (ekomloven) (Lovdata).
https://lovdata.no/dokument/NL/lov/2024-12-13-76
https://lovdata.no/dokument/NL/lov/2024-12-13-76
Datatilsynet (NO).
https://www.datatilsynet.no/
https://www.datatilsynet.no/
Datatilsynet (NO): guidance on cookie rules and ekomloven § 3-15.
https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2024/nye-cookie-regler-fra-1.-januar
https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2024/nye-cookie-regler-fra-1.-januar
Ministry of Electronics and Information Technology
https://www.meity.gov.in/
https://www.meity.gov.in/
Digital Personal Data Protection Act, 2023 (official PDF via MeitY).
https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf
https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf
Ministry of Public Security (MPS)
https://en.bocongan.gov.vn/
https://en.bocongan.gov.vn/
Law No. 91/2025/QH15 on Personal Data Protection (official PDF via VBPL).
https://vbpl.vn/FileData/TW/Lists/vbpq/Attachments/179252/VanBanGoc_91.L2025-Luat%20Bao%20ve%20du%20lieu%20ca%20nhan.pdf
https://vbpl.vn/FileData/TW/Lists/vbpq/Attachments/179252/VanBanGoc_91.L2025-Luat%20Bao%20ve%20du%20lieu%20ca%20nhan.pdf
Luật Dữ liệu (Law No. 60/2024/QH15)
https://vbpl.vn/bocongan/Pages/vbpq-van-ban-goc.aspx?ItemID=174877&dvid=316
https://vbpl.vn/bocongan/Pages/vbpq-van-ban-goc.aspx?ItemID=174877&dvid=316
Decree 165/2025/NĐ-CP (implementation detail for the Data Law)
https://congbao.chinhphu.vn/tai-ve-van-ban-so-165-2025-nd-cp-45395-57375?format=pdf
https://congbao.chinhphu.vn/tai-ve-van-ban-so-165-2025-nd-cp-45395-57375?format=pdf
Lei nº 13.709/2018 (LGPD) - Planalto (official text).
https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm
https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm
ANPD: “Guia Orientativo de Cookies e Proteção de Dados Pessoais” (PDF)
https://www.gov.br/anpd/pt-br/centrais-de-conteudo/materiais-educativos-e-publicacoes/guia-orientativo-cookies-e-protecao-de-dados-pessoais.pdf
https://www.gov.br/anpd/pt-br/centrais-de-conteudo/materiais-educativos-e-publicacoes/guia-orientativo-cookies-e-protecao-de-dados-pessoais.pdf
CCPA / California Civil Code Title 1.81.5 (California Legislative Information)
https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&lawCode=CIV&part=4.&title=1.81.5
https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&lawCode=CIV&part=4.&title=1.81.5
California Privacy Protection Agency
https://cppa.ca.gov/
https://cppa.ca.gov/
California Consumer Privacy Act (CCPA)
https://oag.ca.gov/privacy/ccpa
https://oag.ca.gov/privacy/ccpa
California AG: CCPA Regulations (PDF) addressing privacy controls / opt-out signals.
https://oag.ca.gov/
https://oag.ca.gov/
Latest Articles
Expert Insights
People Also Ask
A high-quality privacy law library does more than list statutes. It translates complexity into actionable insight so all teams can interpret requirements, make design decisions, and operationalize compliance. The AesirX Privacy Laws Hub shows what each law means in practice (e.g., consent expectations), so teams can map obligations to real workflows (data collection, cookie deployment, etc.) without hunting multiple government sites. Note: the Hub currently provides a growing overview of major privacy and consent laws and is being expanded into dedicated country and regional pages with deeper detail on how each law applies in practice.
The AesirX Privacy Laws Hub is designed as an informational resource and starting point. Businesses should always review requirements against their own activities and seek professional legal advice where needed.
This resource helps legal teams, Data Protection Officers, Product Managers, and privacy leads understand what legal regimes apply to their operations and obligations. It also aids developers and architects by clarifying technical control implications (e.g., consent, data minimization, cross-border transfers). For smaller teams or startups without dedicated privacy staff, the Privacy Laws Hub offers a foundation to self-educate and prioritize. Think of it as the first stop before engaging external counsel.
Agencies advising clients on marketing, analytics, martech, or digital transformation can use the Privacy Laws Hub as a central reference for risk reviews, client discussions, and project planning. Rather than pulling information from multiple sources, agencies can quickly compare regional obligations in one place, connect them to client data practices, and identify suitable approaches such as consent management and first-party data models. This supports clearer recommendations, stronger trust with clients, and more structured service delivery.
While often referred to as “cookie laws,” most regulations actually apply to all tracking technologies, including pixels, SDKs, fingerprinting, and analytics scripts, not just cookies. The AesirX Privacy Laws Hub brings together core requirements from global privacy and ePrivacy-style laws, showing who regulates online tracking, when consent is required, and what disclosures are required. Use this information to determine things like whether your site needs explicit opt-in, what documentation is needed in your privacy notice, and how to align cookie scanning/blocking with legal expectations.
The AesirX Privacy Laws Hub brings together core requirements from global privacy and ePrivacy-style laws, showing who regulates online tracking, when consent is required, and what disclosures are required. You can use it to understand whether your site or app needs explicit opt-in, what must be disclosed in your privacy notice, and how scanning and blocking of all tracking technologies (not just cookies) should align with legal expectations.
The Hub is continuously expanding. Upcoming updates will include dedicated pages for individual countries and regional frameworks, deeper explanations of how each law impacts digital businesses, real-world compliance considerations, and clearer comparisons between regulations. This will make it easier to track changes, understand local requirements, and apply them in practice.
The evolution of Aesir is Aesir + 
(the Norse symbol for Necessity)"Needed in order to achieve a particular result"
♥Join the AesirX Privacy Newsletter. Stay Informed. Stay Compliant.
