Given recent Health and Human Services’ Office for Civil Rights guidance, HIPAA-regulated entities should consider immediately taking the steps discussed in this GT blog post to reduce the risk associated with their use of tracking technologies.
Continue Reading Cookies and Other Tracking Technologies May Violate HIPAA

In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:

  1. Retaining the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or

In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:

  1. Retaining the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or

The California Attorney General was asked to clarify whether the use of “website cookies shared with third parties” constituted the sale of personal information. The Attorney General declined to answer, stating only that whether a particular situation constitutes the sale of information “raises specific legal questions that would require a fact-specific determination, including whether or

While there is relatively little publicly available empirical data concerning website visitors’ interactions with cookie banners, the data that does exist indicates that user acceptance rates are significantly greater depending upon how many options are presented to a website visitor. For example, in one study researchers placed a cookie banner on a website that provided

Businesses often struggle with how to display cookie banners given the complexities of conveying information to individuals that may lack technical expertise, and “banner fatigue” – a term which describes the reality that consumers presented with pop-ups and cookie banners across different websites may not spend time to read each banner before attempting to close

Generally, most cookie banners fall within four broad categories:

  1. Notice-Only Cookie Banners. A notice-only cookie banner discloses to website visitors that the website deploys cookies (and potentially other tracking technologies), but the banner does not give the visitor any direct control concerning the use of cookies. In other words, the website visitor is not

4.2%

The term “cookie banner” refers to a banner, or splash page, deployed on a website to inform visitors that the website uses cookies, and other online tracking technology. Some cookie banners also give website visitors choices with respect to whether tracking technologies are, or are not, used, including via cookie “opt-in” or “opt-out” user

12.4%

The term “cookie banner” refers to a banner, or splash page, deployed on a website to inform visitors that the website uses cookies, and other online tracking technology. Some cookie banners also give website visitors choices with respect to whether tracking technologies are, or are not, used, including via cookie “opt-in” or “opt-out” user