CCPA Right to Know and Cookies
Ordinary first-party cookies typically contain only anonymous data. Third-party cookies, however, store various types of personally identifiable information (PII), such as IP addresses. So yes, information collected by cookies is also considered personally identifiable information under the CCPA. Therefore, CCPA and CPRA require website operators to disclose what data is collected in cookies – before the data collection occurs.
Does CCPA require a cookie banner?
According to CCPA legislative text, explicit cookie consent and a cookie banner are not required. However, there is a way you must inform your consumers before the time of data collection. Furthermore, you may have customers who are younger than 16, which also calls for deeper caution.
Additionally, in compliance with the CCPA, you must provide the ability to opt-out in the form of a website titled: “Do Not Sell My Personal Information.” A cookie banner is the ideal way to add a link to the mandatory page.
Privacy Policy for Right to Know Compliance
To comply with the Right to Know in your organization under CCPA, you must provide a link to an updated privacy policy. This can be done via a prominent link with the word “Privacy” in the footer or header of your website. Or through a pop-up.
The privacy policy must be reviewed and updated every 12 months – especially if you haven’t done so this year. That’s because new regulations have been enacted since the CPRA went into effect on January 01, 2023.
To help subjects get the important information disclosed, you should describe how you collect, use, share with third parties, and sell personal information in the CCPA Privacy Policy. Again, it’s best to stick to the Wh-questions described.
Once you make a material change to your privacy policy, you must also provide an update notice to your consumers.
Comply with CCPA Right to Know
To comply with the CCPA right to know/disclosure, you must do the following things, among others:
For both of these cases, we have a great toolkit if you are working in Jira or Confluence.
CCPA Right of Disclosure in Jira
As soon as you start using Jira as a customer support platform, or even simply if your employees use it daily, you need to be CCPA compliant here, meaning adding cookie banners and updated privacy policies. After all, according to the CCPA, employees are also considered “consumers”.
If you use Jira in the Cloud variant, Atlassian acts as a data processor and has committed to comply with the CCPA, as you can read in Atlassian’s CCPA Commitment statement. However, if you are hosting Jira (or Confluence) on-premise in Server or Data Center yourself, YOU need to take care of CCPA compliance in Jira yourself.
But we have a goodie for you to help you master data protection compliance easily, namely the Data Protection and Security Toolkit for Jira.
With Data Protection and Security Toolkit for Jira, you can quickly and easily create cookie banners as well as privacy policies to easily comply with the CCPA Right to Know/Disclosure.
We will show in 7 steps how to do it:
Step 1: Navigate to the Dashboard
In Jira, open the Manage Apps tab and navigate to the Data Protection and Security Toolkit Home section. Find the Notifications and Announcements button, click on it, and you will see the Notifications and Announcements dashboard. It is the main page where administrators can manage all announcements.
Step 2: Create a Cookie Banner
You can create an announcement for CCPA using a template. To do so, choose one of two predefined templates (Private Policy or Cookie Policy). Alternatively, you can create a new announcement by clicking the Create button.