I know that it is possible, with a pro/pay version of Cookiebot, to became both CCPA and GDPR compliant.
1. Can I manage the "multiple banner" configuration with the Cookiebot WordPress Plugin?
2. If I choose to implement both banners, can I set the prior consent (no cookies set without user consent, as in a GDPR compliant configuration) for the US based visitor too?
3. I know that Cookiebot can help us to implement the mandatory Do Not Sell My Personal Information link. But... What exactly happens when a user clicks on the DNSMPI link provided by cookiebot? I can't find any information/screenshot in the Cookiebot Documentation.
I suppose that third party cookies/script/pixels etc are promptly blocked, so the website simply ceases to "sell" users PI, and that's ok.
But what about:
- opt-out requests, with particular reference to the requirement to notify "all parties to whom it has sold the personal information in the previous 90 days"?
- disclosure or deletion requests, with particular reference to the PI collected from third parties?
To me, it is pretty clear how to act when I actually "share" data with a third party/service provider (es. Google Analytics). In this case, I can:
- control/restrict the user's PI collected from the third party service,
- identify the user and therfore activate a specific procedure (https://www.cookiebot.com/en/google-analytics-ccpa/) to comply with the law.
But if I have - let's say - an embedded Youtube/Facebook/Whatever video on a web page, my website doesn't collect any extra PI when the user accepts marketing cookies and chooses to watch the clip.
His/her information is directly collected by Google/Facebook/Whatever and the website Owner doesn't have - at least to my knowledge - any means to notify the third party about a consumer request for opt-out, disclosure or retention.
I wasn't able to find any guideline online on how to handle this particular scenario.
Please sign in to leave a comment.