Skip to main content

CCPA compliance questions

Strella ( Petrosso )
  • Edited

Hi,
I know that it is possible, with a pro/pay version of Cookiebot, to became both CCPA and GDPR compliant.

1. Can I manage the "multiple banner" configuration with the Cookiebot WordPress Plugin?

2. If I choose to implement both banners, can I set the prior consent (no cookies set without user consent, as in a GDPR compliant configuration) for the US based visitor too?

3. I know that Cookiebot can help us to implement the mandatory Do Not Sell My Personal Information link. But... What exactly happens when a user clicks on the DNSMPI link provided by cookiebot? I can't find any information/screenshot in the Cookiebot Documentation.

I suppose that third party cookies/script/pixels etc are promptly blocked, so the website simply ceases to "sell" users PI, and that's ok.

But what about:
- opt-out requests, with particular reference to the requirement to notify "all parties to whom it has sold the personal information in the previous 90 days"?
- disclosure or deletion requests, with particular reference to the PI collected from third parties?

To me, it is pretty clear how to act when I actually "share" data with a third party/service provider (es. Google Analytics). In this case, I can:
- control/restrict the user's PI collected from the third party service,
- identify the user and therfore activate a specific procedure (https://www.cookiebot.com/en/google-analytics-ccpa/) to comply with the law.

But if I have - let's say - an embedded Youtube/Facebook/Whatever video on a web page, my website doesn't collect any extra PI when the user accepts marketing cookies and chooses to watch the clip.
His/her information is directly collected by Google/Facebook/Whatever and the website Owner doesn't have - at least to my knowledge - any means to notify the third party about a consumer request for opt-out, disclosure or retention.
I wasn't able to find any guideline online on how to handle this particular scenario.

0

Comments

4 comments

Date Votes
  • Spas – vConnect – Community Supporter

    Hi Strella,

    As a understand from your question you would like to use this approach: https://support.cookiebot.com/hc/en-us/articles/360010932419-Use-multiple-banners-on-the-same-website-support-both-CCPA-GDPR-compliance-

    This allows you to use a default banner, and alternative banners for visitors from particular countries (regions).
    The blocking mechanism is identical as normal Cookiebot usage, but you can choose whether or not cookies are blocked prior consent or not for the CCPA banner by choosing whether or not to display the banner.

    Regarding the first question, it's possible to manage the "multiple banner" configuration with the Cookiebot WordPress Plugin. But first you would need to configure your domain group from the Cookiebot admin panel.
    About the second question, from the admin panel you could select to which countries(regions) to display the banners, and just needs to select to show banners and ask for consent both europe and US.

    About the "don't sell" checkbox, it triggers a full opt out. Meaning that only necessary cookies will be set.
    The whole disclosure or deletion thing isn't really applicable for Cookiebot, you can see your consent level and which cookies are getting set on the declaration. You can also opt out. Hope this make sense and answer your questions. 

    Regards,
    Spas

     

    0
  • Dave G

    Hi, very interesting reading.

    We have just implemented a new domain group to show a new "Do Not Sell (Opt In)" banner for California Residents only and use a "Multilevel" banner everywhere else. 

    In the background, the "Do Not Sell (Opt In)" effectively seems to use the "Do not sell" checkbox as a flag to only permit necessary cookies. While the "Accep all" btn - does exactly that.

    Can I ask why the "Do Not Sell (Opt In)" banner does not permit the seleciton of seperate cookie categories? - Should there not be a "Multilevel Do Not Sell (Opt In)" banner?

    0
  • fas sfas

    No, once you reclassify the AdSense cookies manually, the cookies would be assigned to unique class and saved. For instance in case you re-classify "advertising and marketing blog help" cookies as "data", these cookies could be saved as "facts" any further.

    0
  • Mimi

    Can you tell us more about you set up the different banners depending on location with the WordPress Plugin?

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post