GDPR and CCPA Cookie Management

What is the GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation that mandates how companies and organizations handle personal data. The regulation requires businesses to obtain specific approval from EU zone users before tracking them in any way. Companies must keep a record of any personal data processing activities.

Businesses that provide services or products for users in the EU and that process any kind of personal data, including the embedding of third-party tracking services from Google or Facebook, need to obtain prior consent from the EU user prior to loading any cookies on the website.

What is the CCPA?

The California Consumer Privacy Act (CCPA) is a data privacy law that regulates the way companies handle the personal information (PI) of California residents. Under the CCPA, California residents have the right to opt out of having their personal data sold to third parties. They also have the right to request the disclosure of any data already collected and can request deletion of data collected. Additionally, California residents cannot be discriminated against based on their choice to exercise their rights under the law.

Some of the provisions of the law include:

• Websites must feature a Do Not Sell My Personal Information link that will allow users to opt out of third-party data sales.
• The website’s privacy policy must include a description of the consumer’s rights and how to exercise these rights. The privacy policy must also contain an annually updated list of the categories of personal information that the company collects, sells and discloses.

Failure to comply with the CCPA can result in fines for businesses of $7,500 per violation and $750 per affected user in civil damages for businesses.

How does Cookiebot help?

The Cookiebot Consent Management Platform (CMP) ensures compliance with the GDPR and the CCPA. The Cookiebot CMP deep-scans your website to discover all cookies and similar trackers, and to automatically control them.  Your website’s end-users will know what personal information is collected and what third parties it is shared with. 

Cookiebot CMP also enables CCPA compliance for businesses by implementing the required “Do Not Sell My Personal Information” link with the cookie declaration generated by the scanner, as well as offering opt-in banners needed for the consent of minors under age 16.