Happy (or Unhappy) Cookie Day! A Note on Privacy.

Ralph Otto author photo
Ralph Otto Chief Product Officer
Development

For marketers, cookies are an important tool to understand your website’s performance through the visitor behavior. They are one tool in a host of tools/services that gather visitor information to gain insights into their behavior. Examples of a few pieces of data that could be tracked include usernames, IP addresses, saved logins, website preferences, and a history of page visits. While we consider these efforts benign, some see this as an invasion of privacy.

Historically, this tracking generally is invisible (depending on your browser preferences) so visitors are not presented with the ability to opt-out of being tracked. As technology is more interconnected, the data points can be used to build a rich profile on visitors. The worst case scenario would be a data breach where these profiles would get taken and the information within would be exploited.

In the US, California is looking to head up efforts to make website owners provide transparency and control over how visitor information is tracked.

The California Consumer Privacy Act (CCPA) goes into effect January 1. This act has a number of requirements for companies that do business in California and have revenue exceeding $25M, have 50k customer records, or generate more than half their revenue selling customer data. This law is similar in concept to Europe’s General Data Protection Regulation (GDPR), but has distinct requirements.

CCPA will not be enforced until July 2020, which gives us a runway to have a conversation about how to get your website compliant.

There are a number of tactics that can be employed on your website to become compliant. If you’d like to discuss what makes the most sense for your site, contact us. We’re happy to help get you there.

Disclaimer: We are not lawyers, so if you haven’t yet, have a conversation with your general counsel around your company’s privacy practices. Additionally, if you do business in Europe, GDPR is a more urgent concern since it is already in effect.

More reading: