Privacy & GDPR Glossary
Demystifying the complex jargon around cookies, privacy laws, and tracking technologies.
GDPR (General Data Protection Regulation)
A regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It mandates that users must give explicit consent before non-essential cookies are placed on their devices.
First-party Cookie
A cookie set directly by the website the user is visiting. Often used for essential site functionality like keeping a user logged in or remembering items in a shopping cart.
Third-party Cookie
A cookie set by a domain other than the one the user is currently visiting, typically used for cross-site tracking, advertising, and analytics.
CMP (Consent Management Platform)
Software that helps websites manage user consent for data collection, typically through a 'cookie banner'. Popular CMPs include Cookiebot, OneTrust, and Usercentrics.
TCF 2.2 (Transparency and Consent Framework)
A framework created by IAB Europe to help publishers, technology vendors, and agencies meet the requirements of the GDPR and ePrivacy Directive. Version 2.2 introduced stricter rules for legitimate interest and vendor counts.
Google Consent Mode v2
A feature by Google that adjusts how its tags (like Google Analytics and Google Ads) behave based on the user's consent status. v2 introduced advanced signaling for advertising and personalization.
Local Storage
A web storage mechanism that allows JavaScript sites and apps to store and access data right in the browser with no expiration date. Under GDPR, storing tracking data here requires the same consent as cookies.
Session Storage
Similar to Local Storage, but the data is cleared when the page session ends (i.e., when the browser tab is closed).
Essential Cookies (Strictly Necessary)
Cookies that are required for a website to function correctly (e.g., security tokens, session IDs). They are generally exempt from consent requirements.
Legitimate Interest
A lawful basis for processing personal data under GDPR. However, many data protection authorities have clarified that it cannot be used as a bypass for cookie consent for tracking or advertising.