Just when you thought you were on top of all the important legislation affecting your company, a new personal data law promises to make life more complicated for businesses. Under the newly enacted California Consumer Privacy Act (CCPA), your company is now subject to various provisions relating to consumers’ right to access and control the use of their data.
For example, website cookies and tracking scripts can collect IP address information, which is considered personally identifiable information under the CCPA. Consequently, companies will be required to obtain consumers’ express consent before using such technology on their sites and mobile apps.
What are cookies used for? (And we're not talking about office snacks!)
Websites use cookies to remember personal details or preferences that can then be used to serve ads or present specific offers to the user. This is essentially what you do when you sign up for an account on the website, which keeps your email address to send you promotions and updates about your account.
Organizations rely on cookies in numerous ways for online advertising. Cookies collect users' personal information such as their IP address and search history. It's then shared with other parties such as ad-tech companies that use the data to build profiles about users' internet activity and interests. This data can be sold to third parties who use it for marketing purposes. Since cookies are likely to identify users and build a profile of them, there has been a growing concern among web users for their own privacy.
Consider this information to be personally identifiable information or PI. This means that a business has data about their users’ online shopping habits and market trends so they can sell targeted advertisements at the appropriate time.
How can you make sure your company is compliant?
In the United States, there are two important data privacy regulatory statutes that business owners need to be aware of: the California Consumer Privacy Act (CCPA), and the EU GDPR.
The former is a California state law that went into effect on January 1, 2020, while the latter has been a European Union directive since May 25, 2018.
Both require businesses to provide consumer information regarding data collection and make it difficult for companies to tie marketing databases with cookies or other tracking files.
When a website operates in a specific jurisdiction, it is often obligated to abide by local laws. Regulations - or laws - can change from country to country and they can also have different names throughout the world. For example, one might call a certain law “privacy regulations” while another might call it “data privacy regulations”.
Although seemingly similar at first glance, over time these two terms have come to refer to slightly different things. The difference between privacy regulations and data privacy regulations stems from the fact that privacy regulations generally protect personal information whereas data privacy regulations specifically define who owns your data.
Regulating regions are not always entirely clear about how to define things and aren't even the same. But because technology companies tend to internationally focus on protecting user information rather than controlling global markets, opt-out-style cookie consent policies are usually advised for CCPA compliance.
What type of cookie policy is required?
The CCPA requires that businesses have an updated policy that discloses information about their use of cookies and data collection practices.
In order for businesses to have a truly CCPA-compliant cookie policy, it needs to include certain key components such as:
Types of Cookies on the Website
Categories of personal data
Purpose of collecting data
Retention period
How can you stay ahead of these privacy regulations?
Cookies can be difficult to control since they often load other cookies that can change on repeated visits. You may not even be aware of some of the ones operating in the background of your site and can't anticipate how they could potentially impact you and your customers.
This makes you vulnerable to unknowingly violating the law and facing fines as a result. To help ensure this doesn't happen, use a consent management platform to detect all the cookies and trackers in operation and consensually manage them to ensure compliance with both the CCPA and GDPR.
How does Adzapier Cookie Consent management work?
Adzapier Cookie Consent Management is a tool that can help you legally adopt standards for cookies and various tracking technology. Rules about how cookies work on websites are strict and enforced by both the CCPA and GDPR guidelines.
However, with Adzapier you can automate the process of finding these types of cookies on your website with a quick scan, as well as making sure you're adhering to all relevant rules. This helps make sure your business is always legally compliant when it comes to technology for collecting information from visitors.