
Cookie Consent Regulatory Updates: How to Maintain Compliance


Staying up to date with the latest global cookie policy requirements can be difficult. Following the GDPR, there have been many recent rulings, legal commentary, and industry framework updates that have modified requirements – requiring organizations to stay hyper-vigilant in order to maintain cookie compliance.

As the Irish Data Protection Commission (the "DPC") October 2020 enforcement date approaches, organizations are scrambling to understand the consent mechanism updates and how to stay agile enough to quickly implement future regulatory changes.

Join us as we walk through recent cookie policy updates and provide guidance on how to utilize TrustArc Cookie Consent Manager to help you meet the new regulatory requirements.

This webinar will review:
- Recent rulings and legal commentary (CJEU ruling, German Court, EDPB, Belgian DPA, Ireland DPA, and CNIL)
- Industry framework updates (IAB EU and CCPA)
- Upcoming regulatory requirements (CCPA, ePrivacy regulation)


  1. Cookie Consent Regulatory Updates: How to Maintain Compliance. “A bite at a time…” September 30, 2020. © 2020 TrustArc Inc. Proprietary and Confidential Information.
  2. Speakers
     ● Ralph T O'Brien, CIPM, CIPT, CIPP/E, BSi LA, CISMP (Dis), FIP, Principal Consultant, Europe, TrustArc
     ● Matt Ferrell, Sr. Product Manager, TrustArc
  3. Agenda
     ● Recent EEA rulings and legal commentary (CJEU ruling, German Court, EDPB, Belgian DPA, Ireland DPA, and CNIL)
     ● Upcoming regulatory requirements (CCPA, ePrivacy regulation)
     ● Industry framework updates (IAB EU and CCPA)
  4. EEA: Recent rulings and legal commentary. © 2019 TrustArc Inc Proprietary and Confidential Information
  5. The trouble with cookies…
     ePrivacy is a directive, not a regulation…
     …Therefore, although most member states have adopted a law in the spirit of the ePrivacy directive, definitions, laws, guidance and enforcement differ from country to country across the EEA…
     …A new ePrivacy regulation has been proposed to arrive in conjunction with the 2016 GDPR, but has stalled through multiple EU presidencies.
     Wide scale non-compliance, and little enforcement.
  6. Bundesgerichtshof & Court of Justice of the European Union
     A number of judgements…
     ● Summary and legal context
     ● Planet49 use case judgement
     ● CJEU holding
       ○ Opt-in versus opt-out
       ○ Specific consent
       ○ Consent for non-personal data cookies
     ● Telemedia Act interpretation
     Website operators should…
     ● Disclose information about all cookie operations requiring consent, including the duration and third parties as well as their roles and functions.
     ● Obtain consent through an affirmative opt-in action.
     ● Avoid bundling consent. Users should be given the ability to make granular decisions.
     ● Implement a zero-cookie load solution.
     ● Provide a method for a user to withdraw consent at any time.
     ● Keep a record of consent for accountability purposes.
  7. In Practice
  8. European Data Protection Board (EDPB)
     ● May 4, 2020 EDPB adoption of consent guidelines
     ● Elements of valid consent
     ● Differences from Article 29 Working Party consent guidelines (April 2018)
       ○ Cookie walls
       ○ Implied consent from ambiguous actions (are not consent)
     ● Key takeaways and recommendations
     Key takeaways and recommendations
     ● Tear down that (cookie) wall!
     ● Consent manager cannot deem scrolling, swiping, or continued browsing of a webpage or use of a mobile app to constitute consent.
  9. In Practice: ‘GDPR experience’ for EEA; CCPA Banner; Mobile Apps
  10. CNIL - French Data Protection Authority
     July 2019
     ● Disclose all third-party recipients before obtaining consent.
     ● Provide granular consent for each purpose of processing.
     ● Provide an easy way to withdraw consent.
     ● Limit cookie lifespan to 13 months for analytics cookies and other cookies to 25 months.
     ● Keep a record of consent.
     January 2020, CNIL draft consent recs.
     1. Use simple consent UI, including a UI to decline cookies.
     2. Use a neutral design. No nudging users to consent.
     3. Record: (1) individual user consent, and (2) proof that consent mechanism is valid.
     4. Transparency:
        a. Level One: purposes of the cookies, complete list of companies using the cookies and their roles, and a mechanism to enable the user to opt in or decline the use of non-essential cookies.
        b. Level Two: Describe the scope of the consent given, including whether the consent covers other websites.
     French Council of State held in June 2020 that CNIL cannot ban cookie walls altogether, but that doesn’t make cookie walls legal for data subjects in France.
  11. In Practice √ X
  12. DPC - Irish Data Protection Authority
     April 2020 cookie sweep, enforcement Oct…
     ● Analytics cookies require prior consent.
     ● Zero cookie load.
     ● Consent via a cookie banner or pop-up is acceptable, if...
       ○ Notice is given for specific purposes of non-required cookies and allows for rejecting non-required cookies,
       ○ No "nudging" a user into accepting cookies.
       ○ Checkboxes or toggles clearly marked as ON or OFF.
     ● Users must be able to change their cookie preferences at any time.
     ● A cookie used to store user's consent should have a lifespan of 6 months.
     ● No implied consent. No pre-checked boxes and/or sliders set to ‘on’.
     ● A cookie consent banner must not obscure the text of the privacy or cookie notice. Users must always be able to read the cookies and privacy notices without any cookies being set (except for essential cookies).
     ● Accessibility must be taken into account in designing interfaces to accommodate people with vision impairments or color blindness.
  13. 5 October Deadline
  14. In Practice
  15. Belgian Data Protection Authority
     Belgian Data Protection Authority (the "DPA") cookie guidance, Apr 2020
     Cookie Lifespan
     ● No unlimited lifespan.
     ● Delete essential cookies once their purpose has been achieved.
     Consent
     ● Obtain consent for all non-essential cookies (including analytics and social media plugins).
     ● Obtain consent prior to use of cookies.
     ● Offer granular consent options.
     ● Keep a record of consent.
     ● Consent should be as easy to withdraw as it is to give.
     ● “Cookie walls” are not permitted.
     ● Consent must be from unambiguous affirmative action.
  16. Belgian Data Protection Authority
     Transparency
     ● Give all relevant information prior to obtaining consent, including...
       ○ The entity responsible for the use of cookies,
       ○ The cookies’ purposes,
       ○ The data collected through cookies, and
       ○ The cookie lifespan.
     ● Must give notice of users’ rights, including the right to withdraw consent.
     ● Have a cookie notice which discloses...
       ○ The types of cookies used
       ○ Cookie purposes and lifespan
       ○ Whether third-parties have access to such cookies
       ○ Information about how to delete cookies;
       ○ The legal basis for the use of cookies
       ○ Individuals’ rights and the ability to make a complaint to the supervisory authority; and
       ○ Information about any automated decision making, including profiling.
  17. In Practice: Stand-alone; Embedded
  18. Upcoming Regulatory Requirements
  19. CCPA
     ● Are the CCPA Regulations final yet?
     ● When will the CCPA Regulations be enforced? (Oct. 1, 2020… probably)
       ○ https://oal.ca.gov/july-1-effective_date/
       ○ https://oal.ca.gov/october-1-effective_date/
     Key takeaways and recommendations
     ● Interpret browser privacy settings as a valid request to opt out of the sale of personal information
     ● For users opting in after having opted out, a second confirming step is required. This means that a user must clearly request to opt-in and then, in a separate step, confirm their choice to opt in.
  20. In Practice: DNT is back! Are you sure?
  21. Industry Framework
  22. IAB EU/CCPA: IAB EU; IAB CCPA
  23. Simplify Global Cookie Compliance
  24. Take control of GDPR, CCPA, and beyond
     ● Deliver a branded experience: Customize the full consent experience from design to delivery, all tailored to your brand
     ● Demonstrate compliance: Receive a detailed report that provides an audit trail on the consent behaviour of your users
     ● Meet global regulations: Configure the consent experience to display the applicable consent banner based on user's location
     ● Understand website’s tracking behaviour: Automatically detect and categorize tracker changes through scheduled website scans, reflecting updates in your Cookie Policy
     With 7 years of proven success, our industry-leading Cookie Consent Manager provides a configurable solution that enables organizations to meet cookie compliance requirements across the globe while delivering a branded consent experience.
  25. ● Deliver a customized consent experience: Meet global consumer consent requirements and display the applicable consent banner based on user’s geolocation.
     ● Configure the consent approach: Customize the full consent experience, from design to delivery, all tailored to your brand
     ● Deploy with ease: Add a simple JavaScript tag to the website for quick deployment
     ● Integrated solution: Integrate with your tag management system and meet different consent use cases, including “zero-cookie load”
     ● Multi-Language Support: Detect browser language preference and support any languages including 45 default languages
  26. Q&A
  27. Upcoming Webinars
     ● Building Consumer Trust through Data Subject Rights / DSAR Management, October 14, 2020 @ 9:00 PST
     Past Webinars
     ● The Brazilian LGPD is Here: What You Need to Know (Free Download)
     ● How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requirements (Free Download)
  28. Thank You! See http://www.trustarc.com/insightseries for the 2020 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.
