Product Updates

Saudi Arabia and UAE banner updates

posted on January 4, 2022

Recent legislation requires a change to how cookie consent should be managed for users in the United Arab Emirates and Saudi Arabia. To comply with these new regulations, Osano Consent Management Platform (CMP) has updated the banners that are served to users in these regions. To enable the new banners on your site be sure to republish your configuration.  

Saudi Arabia has recently adopted the Personal Data Protection Law (PDPL), which will regulate data transfers and the collection, processing and sharing of personal data of residents and citizens of Saudi Arabia. The PDPL will go into effect on March 23, 2022, although additional regulations are expected. The new law provides rights to data subjects such as the right of access, correction and deletion, as well as the right to claim damages for material and non material harms. The PDPL requires consent for the collection of personal data, imposes data minimization principles and restrictions on retention as well as sharing of personal data. The maximum penalties of a provision of the regulations or rules are up to two years in prison or up to five million rials of fines. (Fines may be doubled if repeated offenses have occurred to up to ten million rials.) The law is clear that it applies to companies outside of Saudi Arabia that collect or process the data of individuals who are citizens or residents within the Kingdom.

Similarly, on Nov.  28, 2021, the UAE also enacted a comprehensive Personal Data Protection Law (PDPL), the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection. The new law applies to the processing of personal data of residents whether or not that processing takes place within the UAE and includes a fairly strict requirement for consent prior to processing personal data. The new law also provides data subject rights such as the right of correction and the right to restrict or stop processing of personal information. In addition, requirements outline the cross-border transfer and sharing of personal data for processing purposes. The law establishes the UAE Data Office, which will be responsible for preparing policies, additional regulation and guidance. The law became effective on Jan. 2, 2022.

To help you comply with this new legislation, Osano’s default banner behavior has been updated to show different banners to users in these regions. Because UAE and Saudi Arabia’s new laws enforce similar user protections as the European Union’s GDPR, these regions will now use the same banner with the ability to accept all, reject all and customize privacy preferences.

Again, to enable the new banners on your site be sure to republish your configuration.  

Why does this matter?

Both Saudi Arabia and the UAE's new laws provide data subjects with more rights than they previously had, and the updated banners ensure you're allowing them to exercise those rights. The banners help you to:

  • Comply with both new laws.
  • Help data subjects feel empowered.


Product(s) Affected

Core Platform



Updates to EU banners

posted on November 8, 2021

The regulatory landscape continues to shift as countries all over the globe continue to enact privacy laws. At the same time, regulators continue to issue guidance on how to best comply with the privacy rules those laws charge them with enforcing. 

Cookies, in particular, is a legal area that’s constantly in flux. Frequently, the debate is over when websites should be allowed to deploy tracking cookies on a website and for which purposes. Most importantly, how should websites deploying cookies communicate to end-users what’s happening with their data when they visit that site? That conversation is still evolving. 

The General Data Protection Regulation and the ePrivacy Directive are the governing laws here. But as companies experiment with different methods and designs to obtain consent to deploy cookies, regulators are getting more specific on rules for what the user interface should look like — at a minimum — to avoid regulatory scrutiny. 

Osano’s Consent Manager automatically displays a compliance pop-up to each end-user based on their geo-targeted location. Recently, EU regulators’ trending guidance indicates they want it to be as easy for an end-user to click “reject all” cookies as clicking “accept all.” And the Italian Data Protection Authority (known as the Garante) issued a requirement that goes a step further. The Garante has called for the presence of an “X” button within the cookie banner to symbolize the end-users’ ability to reject all but essential cookies.  

To ensure Osano customers can meet these new guidelines, the following will be added to the default banner experience in Belgium, Czech Republic, Denmark, Finland, Germany, Greece, Ireland, Italy, Netherlands, Spain and the U.K.:


  • An “X” allowing end-users to reject all tracking cookies. 
  • A “Reject All” button. 
  • A “Storage Preferences” link on the cookie banner’s first layer.

Here is what the Consent Banner for these countries looked like before:

Screen Shot 2021-11-05 at 3.15.24 PM

Here's what it looks like now: 

Screen Shot 2021-11-05 at 3.10.43 PM

Why does this matter?

Adding “Reject All” and an “X” to the consent banner in these EU jurisdictions and the U.K. positions Osano customers as compliant with the most recent compliance guidance from regulators. And including a link to more granular information about cookie deployment allows the privacy-focused end user to make a more informed decision on consent. 

Important: For customers using custom CSS to override the default banner experiences, we recommend testing this update on a staging site before publishing it to your production site to ensure there is no visual impact on your banner display.


Product(s) Affected

Core Platform



Chinese banner update

posted on October 7, 2021

Compliance with privacy laws means always staying on top of changes at the legislative level. Recently, China enacted its privacy law, the Personal Information Protection Law of the People's Republic of China (PIPL). It comes into effect Nov. 1, 2021. It contains stricter provisions on data processing and relies mainly on end-user notice and consent. Penalties for violating the law include fines for nearly 50 million RMB (Chinese currency) or 5% of an organization's annual revenue, based on the previous year's total. 

The law now mandates end users' explicit consent for a website to collect personal information. Personal information, as defined under the Chinese law, is any information that relates to an “identified or identifiable natural person."

So here at Osano, we changed the default banner to help customers comply with the new rules. Now, users accessing Osano from China will see a banner that requires them to explicitly consent to the use of cookies for tracking, analytics, personalization or marketing.

This change requires a "re-publish." 

Why does this matter?

The Osano banner now provides the end-user more information to help them make an informed decision on whether they consent to cookies. Users can opt-in or opt-out, whereas previously, the default was opt-in. If users don't make a choice, the assumption is they don't want cookies deployed for tracking, analytics, personalization or marketing.  

The new Chinese banner ensures:

  • Compliance with China's law.
  • User empowerment to make their own choices.

Product(s) Affected

Core Platform



The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Introducing Osano Privacy Legal Templates

Now, with Osano Privacy Legal Templates you can get started faster by leveraging templates generated by our global team of privacy experts.

Learn more

Introducing DSAR email intake

Capture data subject rights requests with the convenience of email and the efficiency of a dedicated intake form.

Learn more

New reworked DSAR and discovery

We've reworked and redesigned Osano Subject Rights Management and Data Discovery, unifying them into a single, seamless experience and creating automation to save you time.

Learn more

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.


New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.


View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates