What Are the NJDPA Cookie Consent Requirements?

Everything you need to know about NJDPA cookie consent compliance in 2026. Complete guide covering opt-out requirements, cookie banner elements, consent records, and technical implementation for United States - New Jersey.

Opt-out GPC Required Children's Privacy Rules

Summary

This guide provides comprehensive technical implementation requirements for New Jersey (NJDPA). Opt-out rights for targeted advertising, sale, and profiling. Must honor universal opt-out mechanisms (GPC).

This jurisdiction follows an opt-out consent model, meaning websites can place certain cookies initially but must provide clear mechanisms for users to opt-out of non-essential tracking. Users must be informed about cookies and given easy options to refuse them.

Additional requirements for this jurisdiction include: recognition and automatic honoring of Global Privacy Control (GPC) signals sent by users' browsers, special protections and consent mechanisms for children's personal data.

Website owners and operators subject to these regulations must implement compliant cookie consent banners, maintain proper consent records, and ensure their tracking technologies respect user privacy choices. This guide outlines all technical requirements needed to achieve compliance.

Key Requirements Overview

Consent Model

Opt-out

Default State

Mixed

Cookie Walls

Discouraged

Technical Requirements

Prior consent for non-essential cookies

Purpose granularity required

Equal prominence for accept/reject buttons

No pre-checked boxes allowed

Dark patterns prohibited

Proof of consent required

Local storage covered by regulation

Implementation Guidance

New Jersey's NJDPA took effect January 15, 2025; its universal opt-out mechanism (GPC) recognition requirement phased in roughly six months after the effective date. Honor GPC automatically and provide a clear opt-out for targeted advertising and sale. The NJ Division of Consumer Affairs has rulemaking authority and has been developing detailed regulations, so monitor for additional technical requirements.

Special Protections

Children's Privacy

Opt-in consent required to process personal data for targeted advertising, sale, or profiling where the controller knows or willfully disregards that the consumer is 13-16. Under-13 handled under COPPA.

Sensitive Data

Opt-in consent required for sensitive data processing.

Record Keeping Requirements

Required Consent Record Fields

For each consent action, you must maintain records containing:

Timestamp ISO
Opt Out Status
Gpc Signal Status
Policy Version

Re-consent Trigger: Not Required Generally

CookieChimp handles all of this automatically. Our platform maintains comprehensive consent records including all required fields, timestamps, consent strings, IP addresses, user agents, and more. Records are securely stored and easily exportable for compliance audits. Learn more about our consent management

Legal References & Resources

Official legal documents and regulatory guidance for this jurisdiction:

New Jersey Data Privacy Act (S332)

https://www.njleg.state.nj.us/bill-search/2022/S332

Frequently Asked Questions About NJDPA Cookie Consent

New Jersey (NJDPA) is a privacy regulation applicable in United States - New Jersey. Opt-out rights for targeted advertising, sale, and profiling. Must honor universal opt-out mechanisms (GPC). It requires websites to provide clear mechanisms for users to refuse non-essential cookies (opt-out model).

Yes. Under NJDPA, websites must display a cookie consent banner that includes: opt out of targeted ads link, link privacy policy, manage preferences button. The banner must be shown to inform users about cookie usage and provide opt-out options.

NJDPA follows an opt-out consent model. This means websites may place certain cookies but must provide clear and easy ways for users to opt out of non-essential tracking.

Yes. NJDPA requires websites to recognize and automatically honor Global Privacy Control (GPC) signals sent by users' browsers as a valid opt-out request.

NJDPA requires maintaining consent records that include: timestamp iso, opt out status, gpc signal status, policy version.

Legal Disclaimer: For engineering implementation guidance only. Not legal advice. This guide provides technical implementation guidance only and should not be considered legal advice. Privacy laws are complex and frequently updated. We recommend consulting with qualified legal counsel to ensure full compliance with applicable regulations.

Found an issue or have feedback on this page?