About Doğancan
Doğancan Doğan is a solution engineer who has led consent management and privacy tooling implementations for more than 200 corporate websites across North American, European, APAC, and LATAM jurisdictions. His day-to-day work focuses on the operational side of CCPA, CPRA, and GDPR: scoping which scripts fall under the regulations, wiring consent signals into Google Tag Manager and server-side containers, tuning banners for symmetrical choice and GPC recognition, and auditing implementations after Attorney General sweep letters. He writes for Consenteo to translate what actually works in production back into guidance that other privacy and engineering teams can act on.
Areas of focus
- CCPA / CPRA consent architecture
- GDPR lawful basis and consent
- Google Consent Mode v2
- Server-side tag management
- Global Privacy Control (GPC) handling
Latest articles by Doğancan
16 articles published in the Consenteo Knowledge Hub.
The Honda, Ford, and Disney CCPA Cases: What Every Cookie Banner Designer Must Learn
Three enforcement actions, $3.76M in combined fines, and a pattern so consistent it amounts to a design spec. A close reading of the Honda, Ford, and Disney CCPA settlements for privacy engineers and product teams who own the banner.
Opt-Out Without Verification: CCPA Form Design That Doesn't Get You Fined
Honda and Ford were fined for the same pattern: requiring identity verification before processing a CCPA opt-out. A practitioner's guide to designing an opt-out form that scopes the request, honors the right, and doesn't trip the per-violation enforcement math.
GDPR Cookie Consent in 2026: ePrivacy, Legitimate Interest, and What Actually Compliant Looks Like
The ePrivacy Regulation was withdrawn in February 2025. The CNIL fined Google €325M and Shein €150M in September 2025. The EDPB expanded the scope of Article 5(3) to pixels and fingerprinting. A practitioner's guide to GDPR cookie consent in 2026, grounded in the regulation text, the CJEU case law, and the enforcement actions that define the line.
Google Consent Mode v2, GPC, and the IAB GPP: The Unified Implementation Guide
A code-first walkthrough of the three signals that actually matter for consent in 2026: Google Consent Mode v2 (ad_storage, analytics_storage, ad_user_data, ad_personalization), Global Privacy Control (Sec-GPC header), and the IAB Global Privacy Platform (GPP string). How to wire them together, the common race conditions, and the middleware code.
The US State Privacy Law Tracker for 2026: Twenty Laws, One Compliance Baseline
Twenty US states now have comprehensive privacy laws. Twelve require honoring Global Privacy Control. Only California gives consumers a private right of action. A practitioner's map of the applicability thresholds, the rights, the UOOM requirements, and the realistic compliance baseline for a business operating nationally.
Third-Party Cookies in 2026: What Actually Happened After Google's Reversal
Google kept third-party cookies. Safari, Firefox, and Brave still block them. Privacy Sandbox shut down in October 2025. And browser behavior doesn't change your legal obligations under ePrivacy or CCPA. A clear-eyed read on where cookies actually stand in 2026.





