Products
By Use Cases By Roles
Data Command Center
View
Learn more

AI Security & Governance

Discover, assess, and safeguard AI usage

Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle

Learn more

Compliance Management

Automate Compliance with Global AI and Data Frameworks using Common Controls and Tests
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

AI Security & Governance

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

AI Security & Governance

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View

AI Security & Governance

View

Compliance Management

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Databricks

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

Understand Cookie Policy Requirements Under CCPA, GDPR & Other Laws

By Anas Baig | Reviewed By Maria Khan

Published January 13, 2022

Creating a personalized browsing experience for users has long been the pillar behind most user retention and growth strategies. Cookies have played an instrumental role in that process by giving businesses access to user browsing and conversion data. Creating a personalized browsing experience for users has long been the pillar behind most user retention and growth strategies. Cookies have played an instrumental role in that process by giving businesses access to user browsing and conversion data.

However, with heightened scrutiny of data collection via cookies, and data subject rights, a comprehensive cookie policy is now essential for any business.

Cookies play an essential role in building a better browsing experience for users. Through various types of cookies, a website can collect critical information about the browsing behavior of its visitors. This information can be used to show more relevant content, products, and ads, enhancing the user's experience.

That's the positive side of cookies. However, since cookies rely on access to user data to provide businesses with these insights, there have always been questions about the ethical usage of cookies, particularly the transparency on the use of cookies by businesses.

A cookie policy is any business's best tool to communicate what kind of cookies it uses, the information it collects, how they enhance the user browsing experience, and most importantly, how users can opt-out of having these cookies installed on their devices.

A cookie policy is often considered a part of any business's overall privacy policy. However, to ensure clarity, it is recommended that businesses create a separate page on their site dedicated to their cookie policy.

Cookie Policy Example & Template

A standard cookie policy should explain what cookies a website uses and why they're only collecting data that would contribute towards enhancing the users' browsing experience. However, since each business has a different policy towards the use of cookies, it is recommended that a business make adjustments accordingly to reflect the difference in their cookie-related practices.

Here's a standard cookie policy template that any business or website can adopt:

Assuming we are keeping cookie policy and privacy policy together, a section on cookies must include the following information:

Definition and generic function of cookies,
Information on strictly necessary cookies, their purposes, and that they will always be activated,
Data controller’s name and identity,
Data processors’ names and identities,
Full list of recipients or categories of recipients who will obtain personal data through the processing of cookies,
Cookie categories with all of the below information for each cookie category:
- Name and domain,
- Cookie processing purposes, features of cookies corresponding to legitimate purposes,
- The user’s ability to withdraw and change consent,
- Expiration date,
- Retention period for data collected with the cookies,
- Service name,
- Service privacy policy (URL),
- The place of origin of cookies (source script),
- The parties engaged in the processing and transfer of cookies (first, second, third, and fourth parties).
Information on any potential risks associated with allowing third party cookies including the compilation of long-term records of individuals’ browsing histories and the use of such records to send targeted advertising,
Information on users’ rights to access, correct, delete and restrict the processing of personal information in connection with personally identifiable cookies,
Information on users’ ability to lodge a complaint with a supervisory authority against data controllers and processors,
Information on the use of cookies for automated decision-making and profiling, where applicable. When profiling involves decision-making automated with legal effects for the user or significantly affect users similarly, it will be necessary to inform the user on the logic used as well as the significance and expected consequences,
Information on any potential risks in relation to cross-border cookie transfer including any risks arising in the absence of an adequacy decision and/or inadequate data protection standards in the foreign country.

Cookie Policy Under Data Protection Laws Globally

While it was in the interest of businesses to be clear about their cookie collection practices, it started becoming a legal requirement once data privacy laws mandated them as such.

The European Union's General Data Protection Regulation (GDPR) remains arguably the most thorough piece of legislation that deals with the question of how websites can use cookies. The GDPR's regulations for websites using cookies is as follows:

Obtain users' consent before you use any cookies except strictly necessary cookies.
Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
Document and store consent received from users.
Allow users to access your service even if they refuse to allow the use of certain cookies
Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

Naturally, it wasn't long until other data protection laws were passed globally with varying degrees of requirements and mandates for cookies. The California Privacy Rights Act (CPRA) is another such legislation that took inspiration from the GDPR regarding the cookie policy. As far as the cookie consent is concerned, the GDPR is unequivocal in stating that the user must expressly agree to having cookies stored. Moreover, it clarifies that the following actions do not constitute as consent:

General actions undertaken by the consumer, such as agreeing to broad terms of use that describe personal information processing alongside unrelated information;
"Hovering over, muting, pausing, or closing a given piece of content"; or
Using so-called "dark patterns" to manipulate or mislead consumers into providing consent (defined as "a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice").

Nearly all other major data protection laws such as the LGPD have a similar stance towards giving users a reasonably informed agreement regarding cookies. Businesses must have valid reasons for requesting user consent to enable cookies, with separate consent required for functions other than the most basic services. Businesses cannot use "consent walls" to deny users access to the site or their primary services.

How Securiti Can Help

Cookies have long proven an effective tool for businesses to learn how best to serve their users. However, privacy issues related to the data these cookies collect and global data protection laws require businesses to rethink their approach towards their cookie policy.

Securiti is a market leader in data compliance and data governance. Its artificial intelligence and machine learning-based tools can help enterprises of all sizes address their data privacy-related compliance issues, such as cookie consent management. Similarly, its privacy policies & notice management tool allow businesses to maintain a dynamic policy on their site that is regularly updated to ensure compliance with all major data protection laws.

With the sheer amount of data involved, automation is the most cost-effective solution and the most effective one.

Request a demo today and see how Securiti can help your business.

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.

Take a Tour

First Name

Last Name

Role

Platform Location

Language Preference

Yes, I consent to receive email updates about Securiti.ai products, services, and offers. I understand that I can unsubscribe at any time. By submitting your information, you agree to the terms outlined in our privacy policy.

Note: Your credit card will be charged at the end of the 30 day free trial period and your subscription will be automatically renewed monthly/yearly. You can cancel your subscription at any time