California’s Consumer Privacy Act goes live on January 1, 2020. It forces businesses beyond California to review their data streams and digital operations to determine if they must comply, and if they do, how to comply. One sleeper here is the issue of cookies.
Cookies in the internet sense are packets of data that a persons’ computer receives when visiting a website. These packets are sent back to the cookie sender without change. The delivered cookie gets stored in the computer of the browser (literally inside the web browser). Cookies help track a person’s visits and activity on the website. Without a cookie sent by an online retailer, for example, every time one moves to a different page on a site, the visitor would need once again to supply account and other information – a terrible burden! But cookies also represent a potential threat, as disguised cookies can install viruses or malware on our computers, and supercookies and zombie cookies pose other threats to personal privacy.
Because a cookie can represent a third party that is accessing personal information of someone visiting a website, website owners and operators must consider whether the data streams arising from this use and the sharing with cookie senders amount to activity governed by the CCPA (or other states with similar or evolving data protection laws). Compliance may require changing a website operator’s notice to web visitors about how their personal data may be shared with such third parties or require other actions. This point is not limited to cookies but extends to pixels and API calls to third-party servers – any access that a site provides to third parties whose cookies are part of the activity when someone visits a site.
In this podcast, Frost Brown Todd attorney William Morriss, who advises numerous tech and other companies about software and internet matters and is himself a former computer programmer, discusses the link between cookies and California’s landmark privacy law. He also explains how businesses can determine their cookie status and comply with the CCPA if required to do so.
Make it a New Years Resolution for 2020 to get ahead of the cookie compliance curve so that cookies don’t become commercial indigestion!