Jurisdictions
LiteConsent adapts the consent banner to match the privacy laws that apply to each visitor, based on their geographic location.
Supported regulations
GDPR (EU/UK)
Full opt-in consent required before setting non-essential cookies. Visitors see accept, reject, and customize options. Applies to visitors from EU member states and the UK.
CCPA (California, US)
Opt-out model. The banner shows a CCPA-specific UI with a different title, description, and a "Do Not Sell" action. Scripts tagged with sale categories are controlled based on the visitor's choice.
LGPD (Brazil)
Similar to GDPR with opt-in consent. LiteConsent shows the standard consent banner to Brazilian visitors.
PIPEDA (Canada)
Full opt-in consent, similar to GDPR. LiteConsent shows the standard GDPR-style consent banner to Canadian visitors.
Adaptive vs. uniform mode
Adaptive mode (default): LiteConsent detects the visitor's location and shows the appropriate consent experience. EU visitors see a GDPR-compliant banner, California visitors see CCPA opt-out, and visitors from unregulated regions see a minimal notice or no banner at all.
Uniform mode: Show the same consent banner to all visitors regardless of location. You can configure the visibility scope: "everywhere", "EU & UK only", or "EU, UK & US".
Fallback behavior
When a visitor's location doesn't match any enabled jurisdiction, the fallback behavior determines what happens. The options are: "none" (no banner, all cookies allowed), "notice" (informational notice only), or "full_consent" (full GDPR-style consent). Configure this in the General tab of your site settings.
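The adaptive-mode decision and the fallback described above can be modelled as a small resolver. This is an added example, not LiteConsent's own code: the function names, the config shape (`enabled`, `fallback`), the `geo` object and the banner labels are assumptions made for illustration, and it also assumes a missing or failed location lookup is treated as "no match".

```javascript
// Added illustration: not LiteConsent's code; every identifier is hypothetical.
const EU = new Set(("AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT " +
  "NL PL PT RO SK SI ES SE").split(" "));

// Banner style per jurisdiction, following the descriptions on this page.
const BANNER = { gdpr: "opt_in", ccpa: "opt_out", lgpd: "opt_in", pipeda: "opt_in" };

// Banner style for each fallback setting.
const FALLBACK_BANNER = { none: "none", notice: "notice", full_consent: "opt_in" };

// Map a geolocation result to a jurisdiction key, or null when nothing matches.
// geo = { country: ISO 3166-1 alpha-2, region: subdivision code }; both may be absent.
function jurisdictionFor(geo) {
  const country = String((geo && geo.country) || "").toUpperCase();
  const region = String((geo && geo.region) || "").toUpperCase();
  if (EU.has(country) || country === "GB") return "gdpr";
  // CCPA is state-level: a US visitor without a region code cannot be matched.
  if (country === "US" && region === "CA") return "ccpa";
  if (country === "BR") return "lgpd";
  if (country === "CA") return "pipeda";
  return null;
}

// Decide which banner to show; unmatched or disabled jurisdictions use the fallback.
function resolveBanner(geo, config) {
  if (!Object.prototype.hasOwnProperty.call(FALLBACK_BANNER, config.fallback)) {
    throw new Error(`unknown fallback: ${config.fallback}`);
  }
  const j = jurisdictionFor(geo);
  if (j !== null && config.enabled.includes(j)) {
    return { jurisdiction: j, banner: BANNER[j], viaFallback: false };
  }
  return { jurisdiction: null, banner: FALLBACK_BANNER[config.fallback], viaFallback: true };
}

// Constructed sample input.
const sampleConfig = { enabled: ["gdpr", "ccpa", "lgpd", "pipeda"], fallback: "notice" };
console.log(resolveBanner({ country: "DE" }, sampleConfig));
console.log(resolveBanner({ country: "US", region: "CA" }, sampleConfig));
console.log(resolveBanner({ country: "US" }, sampleConfig));
console.log(resolveBanner(null, { ...sampleConfig, fallback: "none" }));
```

In this model a lookup that returns no country, or a US result without a region, takes the fallback path, so the fallback setting decides what those visitors see.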
GDPR requirements in detail
The EU General Data Protection Regulation (GDPR), together with the ePrivacy Directive, sets specific rules for cookie consent:
- Prior consent: Non-essential cookies cannot be set before the visitor actively consents. Pre-ticked checkboxes do not count as valid consent.
- Granular choices: Visitors must be able to accept or reject cookies by category (e.g., analytics separately from marketing). An "Accept All" button is allowed, but a one-click "Reject All" or equivalent must also be available.
- Easy withdrawal: It must be as easy to withdraw consent as it is to give it. LiteConsent provides a persistent widget that lets visitors update their preferences at any time.
- Consent records: You must be able to demonstrate that consent was given. LiteConsent stores timestamped consent logs with the visitor's choices, accessible from the Consent Logs tab in the dashboard.
- Clear information: The banner must explain what cookies are used for, who sets them, and how long they last. LiteConsent auto-generates this information from your cookie scan results.
UK GDPR
After Brexit, the UK adopted its own version of the GDPR (the UK GDPR), enforced by the Information Commissioner's Office (ICO). The cookie consent requirements are functionally identical to EU GDPR. The UK also retains the Privacy and Electronic Communications Regulations (PECR), which specifically govern cookies and similar technologies.
LiteConsent treats UK visitors the same as EU visitors: full opt-in consent with granular category choices. No separate configuration is needed.
CCPA / CPRA in detail
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), takes a different approach from GDPR:
- Opt-out model: Unlike GDPR, CCPA does not require prior consent. Instead, businesses must provide a clear "Do Not Sell or Share My Personal Information" mechanism.
- Applicability thresholds: CCPA applies to for-profit businesses that do business in California and meet at least one of: annual gross revenue over $25 million, buying/selling personal information of 100,000+ consumers, or deriving 50%+ of revenue from selling personal information.
- Consumer rights: California residents have the right to know what personal information is collected, to delete it, to opt out of its sale or sharing, and to non-discrimination for exercising these rights.
- "Share" under CPRA: The CPRA expanded the definition to include sharing personal information for cross-context behavioral advertising, even without a traditional "sale."
LiteConsent shows a CCPA-specific banner to California visitors with opt-out language and a "Do Not Sell or Share" action.
Other regulations
Swiss FADP
The Swiss Federal Act on Data Protection (revFADP, effective September 2023) aligns closely with GDPR. It requires transparency about data processing and a legal basis for collecting personal data. Cookie consent best practices for Switzerland follow the GDPR model.
Australia Privacy Act
Australia's Privacy Act 1988 governs personal information handling. While it does not have a cookie-specific consent requirement like GDPR, the Australian Privacy Principles (APPs) require transparency and lawful processing. Proposed reforms may introduce stronger consent requirements.
ePrivacy Directive (EU)
The ePrivacy Directive (2002/58/EC, as amended) is the EU law that specifically requires consent for storing cookies on a user's device. It works alongside GDPR: the ePrivacy Directive governs the act of setting a cookie, while GDPR governs the processing of any personal data collected through cookies.
Penalties overview
| Regulation | Maximum penalty | Enforced by |
|---|---|---|
| GDPR (EU) | Up to 4% of global annual turnover or €20 million | National Data Protection Authorities (e.g., CNIL, BfDI) |
| UK GDPR | Up to 4% of global annual turnover or £17.5 million | Information Commissioner's Office (ICO) |
| CCPA / CPRA | $2,500 per unintentional violation, $7,500 per intentional violation | California Privacy Protection Agency (CPPA) |
| LGPD (Brazil) | Up to 2% of revenue in Brazil, capped at R$50 million per violation | ANPD |
| PIPEDA (Canada) | Up to CAD $100,000 per violation | Office of the Privacy Commissioner (OPC) |