Consent banner / consent management platform

consent-bannerDomain: data-privacyType: mixed

Description

A consent banner is the operational endpoint of the lawful-basis question for tracking that requires user opt-in (cookies, ad pixels, analytics SDKs, third-party tags). Three pieces have to line up: the surface (banner / preference center on first visit and on demand thereafter), the categorization that backs it (which cookies are essential, which are functional, which are analytics, which are advertising; the categorization is what determines whether the user opt-out actually means anything), and the tag-management plumbing that respects the categorization downstream. Vendors typically own the banner and the categorization scaffolding; the in-house work is usually configuring the categorization correctly and connecting it to the actual tag manager. Most consent-banner failures observed in enforcement come from the connection layer rather than the surface itself: a categorically opted-out user whose tags fire anyway because the integration was never wired up.

Applicability

Applies when: markets include EU, UK, california, brazil, or canada.

How predicates are evaluated

Required by (34 regulations)

APPI
Act on the Protection of Personal Information (Act No. 57 of 2003, as amended by Act No. 44 of 2020, effective April 1, 2022)
Argentina PDPA
BIPA
740 ILCS 14/1 et seq.
Marco Civil
Lei nº 12.965, de 23 de abril de 2014 (Marco Civil da Internet), regulated by Decreto nº 8.771, de 11 de maio de 2016
CA AADC
Cal. Civ. Code §§1798.99.28-1798.99.40 (AB 2273, 2022)
CCPA/CPRA
Opt-out rights (CCPA §1798.120) and Global Privacy Control signal handling.
Cal. Civ. Code §§1798.100-1798.199.100; 11 CCR §7000-7102
Colombia 1581
CPA
Colo. Rev. Stat. §§6-1-1301 to 6-1-1313; 4 CCR 904-3
CTDPA
Conn. Gen. Stat. §§42-515 to 42-525
DE PDPA
Del. Code Ann. tit. 6, ch. 12D
DPDPA
Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023), published in the Gazette of India on August 11, 2023
GDPR
Articles 6 + 7 — consent as a lawful basis; ePrivacy Article 5(3) for cookies.
Regulation (EU) 2016/679 of the European Parliament and of the Council
IT Rules 2021
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, issued under the Information Technology Act, 2000 (Act No. 21 of 2000), as amended by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2023
Indonesia PDP
Kenya DPA
LGPD
Article 8 — consent must be unambiguous; renewals every reasonable period.
Lei nº 13.709, de 14 de agosto de 2018 (as amended by Lei nº 13.853/2019 and Emenda Constitucional nº 115/2022)
MODPA
Md. Code Ann., Com. Law §§14-4601 to 14-4616
LFPDPPP
MCDPA
Mont. Code Ann. §§30-14-2801 to 30-14-2817
NJDPA
N.J. Stat. Ann. §§56:8-166 to 56:8-188
OCPA
Or. Rev. Stat. §§646A.570 to 646A.604
Philippines DPA
PIPA
Personal Information Protection Act (Act No. 10465, enacted March 29, 2011; last wholly amended by Act No. 19234, effective September 15, 2023)
PIPL
Personal Information Protection Law of the People's Republic of China (adopted August 20, 2021, effective November 1, 2021)
PDPL
Royal Decree M/19, dated 9/2/1443 AH (September 16, 2021), Personal Data Protection Law, effective September 14, 2023
Singapore PDPA
TDPSA
Tex. Bus. & Com. Code §§541.001-541.205
Thailand PDPA
KVKK
UAE Data Protection Law
UK AADC
Standard 9 — children’s data; UK PECR Reg. 6.
Data Protection Act 2018, s.123; Age Appropriate Design: A Code of Practice for Online Services (ICO, 2020)
UCPA
Utah Code §§13-61-101 to 13-61-404
Vietnam PDPD
VCDPA
Va. Code §§59.1-575 to 59.1-585

Fulfilled by (5)

onetrust · full · medium effort · $$
didomi · full · medium effort · $$
osano · full · low effort · $
transcend · full · medium effort · $$
In-house build · high effort
Operating a compliant CMP in-house requires consent log retention, granularity, and re-prompt cadence work most teams underestimate.

ClearLaunch does not accept payment from vendors. Methodology.

Evidence formats

consent log
CMP configuration screenshot
IAB TCF / Google Consent Mode integration receipt

ClearLaunch provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Description

Required by (34 regulations)

APPI

Act on the Protection of Personal Information (Act No. 57 of 2003, as amended by Act No. 44 of 2020, effective April 1, 2022)

Argentina PDPA

BIPA

740 ILCS 14/1 et seq.

Marco Civil

Lei nº 12.965, de 23 de abril de 2014 (Marco Civil da Internet), regulated by Decreto nº 8.771, de 11 de maio de 2016

CA AADC

Cal. Civ. Code §§1798.99.28-1798.99.40 (AB 2273, 2022)

CCPA/CPRA

Opt-out rights (CCPA §1798.120) and Global Privacy Control signal handling.

Cal. Civ. Code §§1798.100-1798.199.100; 11 CCR §7000-7102

Colombia 1581

CPA

Colo. Rev. Stat. §§6-1-1301 to 6-1-1313; 4 CCR 904-3

CTDPA

Conn. Gen. Stat. §§42-515 to 42-525

DE PDPA

Del. Code Ann. tit. 6, ch. 12D

DPDPA

Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023), published in the Gazette of India on August 11, 2023

GDPR

Articles 6 + 7 — consent as a lawful basis; ePrivacy Article 5(3) for cookies.

Regulation (EU) 2016/679 of the European Parliament and of the Council

IT Rules 2021

Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, issued under the Information Technology Act, 2000 (Act No. 21 of 2000), as amended by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2023

Indonesia PDP

Kenya DPA

LGPD

Article 8 — consent must be unambiguous; renewals every reasonable period.

Lei nº 13.709, de 14 de agosto de 2018 (as amended by Lei nº 13.853/2019 and Emenda Constitucional nº 115/2022)

MODPA

Md. Code Ann., Com. Law §§14-4601 to 14-4616

LFPDPPP

MCDPA

Mont. Code Ann. §§30-14-2801 to 30-14-2817

NJDPA

N.J. Stat. Ann. §§56:8-166 to 56:8-188

OCPA

Or. Rev. Stat. §§646A.570 to 646A.604

Philippines DPA

PIPA

Personal Information Protection Act (Act No. 10465, enacted March 29, 2011; last wholly amended by Act No. 19234, effective September 15, 2023)

PIPL

Personal Information Protection Law of the People's Republic of China (adopted August 20, 2021, effective November 1, 2021)

PDPL

Royal Decree M/19, dated 9/2/1443 AH (September 16, 2021), Personal Data Protection Law, effective September 14, 2023

Singapore PDPA

TDPSA

Tex. Bus. & Com. Code §§541.001-541.205

Thailand PDPA

KVKK

UAE Data Protection Law

UK AADC

Standard 9 — children’s data; UK PECR Reg. 6.

Data Protection Act 2018, s.123; Age Appropriate Design: A Code of Practice for Online Services (ICO, 2020)

UCPA

Utah Code §§13-61-101 to 13-61-404

Vietnam PDPD

VCDPA

Va. Code §§59.1-575 to 59.1-585

Fulfilled by (5)

onetrust · full · medium effort · $$

didomi · full · medium effort · $$

osano · full · low effort · $

transcend · full · medium effort · $$

In-house build · high effort

Operating a compliant CMP in-house requires consent log retention, granularity, and re-prompt cadence work most teams underestimate.

ClearLaunch does not accept payment from vendors. Methodology.