Products
By Use Cases By Roles
Data Command Center
View
Learn more

AI Security & Governance

Discover, assess, and safeguard AI usage

Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle

Learn more

Compliance Management

Automate Compliance with Global AI and Data Frameworks using Common Controls and Tests
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

AI Security & Governance

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

AI Security & Governance

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View

AI Security & Governance

View

Compliance Management

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Databricks

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

CCPA Cookie Consent: What Do You Need To Know?

By Anas Baig | Reviewed By Maria Khan

Published July 17, 2023

Organizations heavily rely on cookies for various ways of online advertising. Cookies collect user’s personal information, share, disclose or sell it to other parties including ad-tech companies for the purposes of marketing. Since cookies are likely to identify website users, build their profiles, and collect and sell their information to other parties, there has been a growing concern for user’s data privacy.

Most global privacy regulations use notices to inform users about cookies. These can be classified as either opt-in or opt-out consent regime.

In an opt-in consent regime, the user’s consent is required before the use of cookies. Such jurisdictions function on explicit consent requirements, i.e. the website users are explicitly asked to provide their consent to collect and process their information. Users on the other hand can grant or deny consent. On the other hand, in the opt-out consent regime, the user’s consent is not required before the use of cookies. However, organizations are still required to provide users an option to object to collect or sell their personal information and inform users about the use of cookies.

The California Consumer Privacy Act (CCPA) is based on an opt-out cookie consent regime. Website publishers can only load non-essentials cookies once they have displayed the cookie notice consisting of relevant information about the use of cookies.

A CCPA compliant cookie notice must include the following:

— Information about the use of cookies and their purposes:

Under the CCPA, organizations that collect personal information from users must inform users at or before the point of collection, about the categories of personal information collected and the purpose for which the personal information will be used. This can be done by providing conspicuous links at or before the point of collection of personal information.

The California Privacy Rights Act (CPRA), which will replace the CCPA soon, enhances this obligation by requiring organizations to also include in their notices information on whether personal information is sold or shared and the length of time the organization intends to retain each category of personal information, or if not possible, the criteria used to determine such period.

— Notice of the right to opt-out of the sale of personal information:

Under the CCPA, organizations must allow users to opt-out of the sale of their personal information by displaying a clear message and prominent link titled “Do Not Sell My Personal Information” enabling users to opt-out of the sale of their information. This link should be easy to read and understandable for users. The link will provide users a description of the user’s right to opt-out, an interactive form and instructions by which users can submit their request to opt-out of the sale of their personal information.

— A link to organization’s privacy policy

Under the CCPA, organizations must display a link to the organization’s privacy policy, or in the case of offline notices, a link to an online notice at the point of collection of personal information. The privacy policy should be posted online through a prominent link through a conspicuous link using the word “privacy” on the organization’s website homepage or the download or landing page of a mobile application. It should be easy to read and understandable for users.

The privacy policy should contain all the relevant details including the information about a user’s right to know about personal information collected, disclosed, or sold, right to request deletion of personal information, right to opt-out of the sale of personal information, right to non-discrimination, information about authorised agent, contact for more information, the date on which the privacy policy was last updated and the description of the required processes if an organization sells personal information belonging to minors.

— Opt-in consent for the sale of personal information belonging to minors

Where an organization has actual knowledge that the consumer or a website user is less than 16 years of age, it must rely on the explicit opt-in consent for the sale of their personal information. Organizations must obtain consent from users if they are at least 13 years of age and less than 16 years of age and from parents or guardians of users where they are less than 13 years of age.

It is clear that organizations cannot drop any cookies that have not been disclosed to users via notice. If an organization intends to use any additional cookies, it must inform the user.

In addition to the requirements mentioned above, organizations must maintain updated cookie consent records. Such records must include the date of the request of opt-in/opt-out, the nature of such request, the manner in which the request was made, the date of the organization’s response to the request, the nature of the response, and the basis for the denial of the request if the request is denied in whole or in part. Such consent records must be maintained for at least 24 months.

How Securiti can help?

With the legal requirements pertaining to cookies and consent becoming stricter with time, organizations need to be mindful and adopt their consent policies accordingly. In particular, organizations must devise ways to ensure that cookies are not dropped without the consent or knowledge of the website user.

Securiti’s Cookie Consent Management Solution enables organizations to build cookie consent notices in accordance with the applicable legal requirements with cookie auto-blocking, periodic scanning, and preference center features.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.

Take a Tour

First Name

Last Name

Role

Platform Location

Language Preference

Yes, I consent to receive email updates about Securiti.ai products, services, and offers. I understand that I can unsubscribe at any time. By submitting your information, you agree to the terms outlined in our privacy policy.

Note: Your credit card will be charged at the end of the 30 day free trial period and your subscription will be automatically renewed monthly/yearly. You can cancel your subscription at any time

The California Consumer Privacy Act (CCPA) doesn't explicitly accept or reject cookies. However, it does require businesses subject to CCPA regulations to provide clear and conspicuous notices to consumers, including information about the types of personal information collected, including through cookies, and consumers' rights regarding that data.

A CCPA cookie pop-up, often referred to as a "Do Not Sell My Personal Information" pop-up, is a user interface element on a website that allows visitors to opt-out of the sale of their personal information, including data collected via cookies, as required by the CCPA.

In the context of the CCPA, a "cookie" typically refers to a small piece of data stored on a user's device when interacting with a website or online service. This data may include information about the user's online behavior or preferences and can be considered "personal information" under the CCPA.

The CCPA applies to businesses that meet specific criteria and generally covers the collection and sale of personal information, including that collected through cookies. However, not all cookies are subject to CCPA requirements, and exemptions and exceptions may apply depending on how the data is collected and processed.

PrivacyOps: Rethinking Privacy Compliance as CCPA Becomes Reality

— Information about the use of cookies and their purposes:

— Notice of the right to opt-out of the sale of personal information:

— A link to organization’s privacy policy

— Opt-in consent for the sale of personal information belonging to minors

How Securiti can help?

Privacy Center
Fully Functional In Minutes

Frequently Asked Questions (FAQs)

Newsletter

Company

Resources

Terms

Get in touch

CCPA Cookie Consent: What Do You Need To Know?

PrivacyOps: Rethinking Privacy Compliance as CCPA Becomes Reality

CCPA - an opt-out cookie consent regime

— Information about the use of cookies and their purposes:

— Notice of the right to opt-out of the sale of personal information:

— A link to organization’s privacy policy

— Opt-in consent for the sale of personal information belonging to minors

How Securiti can help?

Privacy Center Fully Functional In Minutes

Get Started

Email already in use

Unexpected error occurred

Frequently Asked Questions (FAQs)

Join Our Newsletter

Share

More Stories that May Interest You

CPRA Cookie Consent – All You Need To Know [2024 Guide]

LGPD & Cookies: What Do You Need To Know?

Opt In vs Opt Out Consent: What’s the Difference?

Newsletter

Company

Resources

Terms

Get in touch

What'sNew

Privacy Center
Fully Functional In Minutes

What's
New