Cookie Banners & Privacy Policy

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
4 hours 41 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:01
welcome everyone toe lesson six point to, as we discussed how the presence of cookies on a website
00:07
will require organizations to make adjustments to both their privacy policy and update or even deployed for the first time. Ah, cookie banner. In order to maintain CCP a compliance,
00:17
let's jump right into it.
00:19
Our learning goals and objectives for less than 6.2
00:23
first will be to review the cookie specific adjustments that must be made to your privacy policy
00:28
again.
00:29
When we were in Module four, we reviewed all the requirements of a privacy policy.
00:34
If your company is deploying cookies or if cookies are otherwise deployed on your website, there are additional requirements. Now
00:41
we will outline those in this lesson.
00:44
Item number two. It is very possible that your company is deploying or welcoming cookies to your website.
00:50
If that is the case, you also need to have cookie banners present.
00:54
Why?
00:55
Because that is a notice and transparency requirement.
00:58
We will get into that in this lesson,
01:00
then learning objective number three. My favorite way to learn is to look at Riel World examples of cookie banners and privacy policy updates.
01:08
We will do all that again. In this lesson,
01:11
let's press on
01:12
the duty to inform consumers about your data. Handling practices absolutely applies to cookies.
01:19
Why?
01:19
Because the CCP A was established to ensure notice and transparency.
01:25
That requirement absolutely carries over to the use of cookies on your website and buy your business.
01:30
The concern here mainly focuses on the fact that cookies can store and transfer information on users, computers or on their personal devices without their knowledge or consent.
01:40
This was something that the drafters of the CCP A were particularly worried about.
01:44
They understood that in order to completely update the way that consumers interacted with the Internet, they also needed to update the requirements of how cookies air handled by companies.
01:53
This absolutely is within the scope of C. C. P. A. And why it requires an entire module in this course.
02:00
With that as a background,
02:01
there are about four additional requirements that you need to include in your privacy policy as it relates to cookies.
02:07
Number one.
02:08
You need to identify in your privacy policy which types of cookies air used on the website.
02:15
If at this point you believe that your website does use cookies I recommend pausing the video and writing down all four of these items because they are going to be required of you.
02:23
If you are ever reviewed by our regulator, they're going to ask. Well,
02:28
why didn't you identify your cookie handling practices?
02:30
The first one
02:32
you need to identify which types of cookies are used on the website.
02:38
Number two.
02:38
You need to identify which categories of personal information each cookie collects.
02:45
You might notice. This highly mimics the categories of personal information your company collects writ large.
02:50
Now they also want to know the categories of information that cookies are collecting.
02:55
Number three.
02:57
Identify any third parties that receive personal information thanks to cookies.
03:01
This is different
03:04
if you recall your privacy policy previously needed to identify the categories of third parties that receive personal information.
03:10
But if you're doing this via cookies, you need to identify the specific third parties.
03:16
This could be a great instance where using data mapping exercises or data inventory is going to help you identify which third parties or cookies interact with.
03:25
Then item number four.
03:28
You need to inform your consumers California residents how to control or stand down cookies.
03:35
This again is similar to informing residents of California how they can exercise their rights under the C C p. A or how parents can exercise their ability to opt into the sale of their child's information.
03:47
Essentially, your privacy policy, as you notice as we go through these materials,
03:52
is going to have to be Mawr and Mawr Interactive with the users.
03:58
That includes the updates that are required of you to including your privacy policy.
04:02
I'm actually including in this instance an example from the I A peep.
04:06
This is copy and pasted directly from the I A PPS privacy policy.
04:12
You'll notice here they identify which types of cookies they use on their website.
04:15
They identify the essential cookies, the analytical cookies and the marketing cookies.
04:21
If you recall, I identified that you need to call out specifically the marketing cookies. The C C P. A. Is not all that worried about essential cookies. Nor is it worried about analytic cookies.
04:31
You do need to, however, identify which cookies you're using.
04:35
You see here the I P P identifies those exact cookies
04:41
nicely on the right side of your screen. It even identifies how to block those cookies by using cookie consent tools, etcetera.
04:47
This is a great example.
04:49
You'll notice specifically for marketing cookies. Marcato is a third party vendor that is supporting the cookie.
04:56
I A P P. To their credit, is identifying the categories of personal information and the individual entities that are going to be receiving information as a consequence of that cookie being present.
05:08
Great example. To follow. I highly recommend it.
05:12
No,
05:12
if you recall separate from your privacy policy, there are also notice requirements when you are collecting information.
05:18
Why?
05:20
Because at this point of collection, individuals need to be aware that you are collecting personal information. We had an entire lesson on that In module four.
05:29
That same rule applies to cookie banners.
05:31
Now
05:32
what is required of a cookie Banner
05:35
Item number one
05:36
You need to alert the user that cookies air present.
05:40
You need to alert the user which categories of personal information a cookie might collect.
05:45
The cookie banner also needs to justify whether third parties will receive personal information thanks to the cookie.
05:50
As you can suspect, the cookie banner needs to identify how to control or stand down these cookies.
05:58
Now this is separate from the privacy policy.
06:01
I'm sure you've seen these been surfing through the website of your choice. A cookie banner appears.
06:06
Feel free to pause this video, go to your favorite website and see if all four items that I've mentioned here are appearing in the cookie banner.
06:13
That's your way of knowing whether the company is attempting to comply with the ccps cookie banner notice requirements.
06:19
Here is a great example.
06:21
This is a cookie banner I came across recently.
06:25
In fact, if you would like to positive video and see that all four things here are identified somewhere in this cookie banner,
06:30
at that point the user can accept all or reject all
06:34
again. The main point here is the cookie banner is alerting the user that cookies are present.
06:40
It's going to identify which categories of personal information the cookies air going to collect, whether third parties will receive it as a consequence of these cookies and how to stand down or control the cookies if need be
06:51
moving on
06:53
now,
06:54
in less than 6.3, I will actually show you mechanisms to stand down the cookies.
07:00
I'm looking forward to doing that.
07:00
Please be aware that the privacy policies are fairly formula.
07:04
I've identified for you and module for all of the things that need to be included in a privacy policy.
07:11
If you recall, there was the 11 requirements we went through quickly.
07:14
Cookie banners are the same way. There's the four requirements that you need to punch in. Just follow all four and put them in your cookie banner. It's fairly straightforward in my humble opinion.
07:24
Also in this module we reviewed riel World examples of privacy policies and cookie banners.
07:30
I strongly recommend going to the I A. PPS privacy policy. Check it out.
07:34
They identify very fluidly what their leverage of cookies are
07:39
in the cookie banner Example I gave you. You also again see the full requirements of notice as it relates to cookies.
07:45
This is a great opportunity again, as I mentioned with Module five, when we were talking about Children as well as other modules in the past
07:51
toe have heart to heart with the other people you work with, including, and especially your marketing, sales and operations teams.
08:00
I again highly suspect that they're responsible for the collection of personal information that falls outside of your purview.
08:07
They are maybe unaware of the requirements established by the C C P. A,
08:11
especially as it relates to cookies.
08:13
Feel free again to include them in this lesson and see if you can get their attention for a couple of minutes.
08:18
I'll see you in the next lesson. Lesson 6.3. As we dive into the more technical items and identify how to actually stand down cookies,
08:26
some useful controls and tips there,
08:30
I'll see you in the next video.
Up Next