What do GDPR, ePrivacy, and TCF mean for cookie consent?
Orientation only. Laws and regulator guidance change; your lawyer decides what applies to you. Use this page to decode words in Intastellar and industry docs.
GDPR (EU General Data Protection Regulation)
Meaning: EU law governing personal data processing — lawful basis, transparency, rights, and accountability.
In practice: Consent is one lawful basis for some processing; it must be freely given, specific, informed, and unambiguous where the GDPR requires it for that activity. Other bases (e.g. contract, legitimate interests) may apply to different processing — your DPO or counsel decides.
ePrivacy / “cookie law”
Meaning: EU rules (and similar national laws) focused on access to terminal equipment, often discussed together with cookies, similar technologies, and electronic direct-marketing communications.
In practice: Even without cookies, tech that writes or reads storage on a device can fall under these rules in many setups — align technical implementation with legal advice.
Consent (legal sense, short)
Meaning: In privacy law, consent is a declaration of will agreeing to processing — not the same as merely continuing to browse.
In practice: Pair your banner UX and policy with counsel-approved wording; the main glossary explains consent in product terms.
Legitimate interest
Meaning: A lawful basis under GDPR for some processing without consent — when interests are balanced and visitor rights are respected.
In practice: Not a free pass for all marketing cookies; many ad/analytics use cases still need consent or another valid basis. This is a decision for your legal team only.
TCF (Transparency & Consent Framework)
Meaning: IAB Europe’s industry framework (v2.x) for signalling consent and legitimate interest choices to ad tech vendors — TC String, vendor list, CMP integration.
In practice: Intastellar Consents articles focus on site-owner and integrator basics; if you participate in programmatic advertising at scale, you may need a TCF-certified CMP and legal review — beyond this help center’s scope.
Data controller vs processor
Meaning: Controller decides why and how personal data is processed. Processor processes data on the controller’s instructions.
In practice: Your site is often a controller for analytics configuration; vendors may be processors or independent controllers depending on contracts — check DPAs and legal advice.
DPA (Data Processing Agreement)
Meaning: Contract terms required under GDPR (Article 28) when a processor handles personal data on behalf of a controller.
In practice: Keep signed DPAs for analytics, tag managers, and consent tools that process personal data on your behalf.
DPIA (Data Protection Impact Assessment)
Meaning: A structured assessment for processing likely to result in high risk to individuals — required in some cases under GDPR.
In practice: Large-scale tracking, profiling, or sensitive data may trigger a DPIA; your DPO or counsel leads this.