David A. Zetoony

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation.

While there is relatively little publicly available empirical data concerning website visitors’ interactions with cookie banners, the data that does exist indicates that user acceptance rates are significantly greater depending upon how many options are presented to a website visitor. For example, in one study researchers placed a cookie banner on a website that provided

Businesses often struggle with how to display cookie banners given the complexities of conveying information to individuals that may lack technical expertise, and “banner fatigue” – a term which describes the reality that consumers presented with pop-ups and cookie banners across different websites may not spend time to read each banner before attempting to close

Generally, most cookie banners fall within four broad categories:

  1. Notice-Only Cookie Banners. A notice-only cookie banner discloses to website visitors that the website deploys cookies (and potentially other tracking technologies), but the banner does not give the visitor any direct control concerning the use of cookies. In other words, the website visitor is not

No.

The regulations implementing the CCPA only require that a business utilize reasonable security in the context of personal information collected or processed for specific purposes – i.e., consumer requests and information provided in response to access requests. The Office of the Attorney General (OAG) has stated that what constitutes “reasonable security measures” in these

No.

The CCPA permits consumers to “institute a civil action” only where consumer “nonencrypted or nonredacted personal information” is “subject to an unauthorized access and exfiltration, theft, or disclosure.” [1] The CCPA does not provide a private right of action, nor does it provide statutory damages, if a company violates its obligation to disclose to

The CCPA contains several references to the obligation of a business to, in response to an access request, provide the “specific pieces of personal information” that it has collected about a California resident.[1] Each of those sections is modified by California Civil Code Section 1798.130(a)(2), which states that “the disclosure” required by a business

During the rulemaking process, the Office of the Attorney General was requested to clarify that a business is not required to search for, and produce, “unstructured data” such as paper records in response to an access request.[1] The Attorney General declined the request, stating that the exclusion of “all unstructured data is not as

While the CPRA deferred a majority of the CCPA’s employee-related substantive requirements until Jan. 1, 2023, employers are still required to provide employees with a notice at collection.[1] As a result, since Jan. 1, 2020, a notice at collection, which must be provided “at or before the point at which” the collection of information

The EU General Data Protection Regulation and the California Consumer Privacy Act took different paths to come into existence, but as Greenberg Traurig Co-Chair, U.S. Data, Privacy & Cybersecurity David Zetoony writes, the two bills are still related. Zetoony looks back at the creation of the bills, and explains that when looking at future privacy

A law firm may be considered a service provider under the CCPA to the extent that a written contract between the law firm and its client (e.g., an engagement letter) prohibits the law firm from using, retaining, and disclosing personal information except to the extent permitted by the client. As the CCPA only requires that