Overview
Companies face significant and increasing litigation and enforcement risks when leveraging cookies to support business needs. In this webinar, McDermott Will & Emery Partner Elliot Golding and OneTrust Strategy Director Alex Cash summarized new legal requirements and the latest litigation and enforcement trends; technically demonstrated how cookies work, how to conduct “cookie audits,” and how to configure cookie consent tools; and provided practical tips to minimize risks and avoid common pitfalls while maximizing data for advertising, analytics, and monetization.
Top takeaways included:
- Enforcement and litigation risks are real, immediate, and significant. US litigation, arbitration, and demand letters have increased exponentially. More than dozen plaintiffs’ attorneys are asserting hundreds of claims each month. The number of claims and settlement demands continues to rise because most courts have recently denied motions to dismiss and even granted class certification. State regulators and the Federal Trade Commission have also significantly increased enforcement regarding cookie usage and related data subject rights, which commonly involves extensive and costly investigations, huge fines, and broad corrective actions requires through 20-year consent decrees.
- Be proactive. Getting involved early not only helps reduce risks but also allows legal and privacy teams to help business clients leverage data more effectively. In many cases, we can transform legal and privacy from a cost center to a profit center by enhancing advertising, analytics, and monetization.
- Consult experienced counsel now to reduce risks and identify opportunities to:
- Audit current cookie practices and compliance status. This includes checking configuration settings and creating a categorized inventory of client-side technologies (like cookies and pixels), server-side tools, and related data practices (like building custom or lookalike audiences using email lists).
- Collect and translate often inconsistent information. Gather and clarify the inconsistent information provided by internal stakeholders (marketing, IT, etc.) and external parties (such as marketing agencies and cookie providers).
- Provide practical advice and benchmarking. Help business stakeholders make key risk and compliance decisions, such as whether and how to use a cookie banner, how to address consumer rights, whether to enable geofencing, and whether to implement heightened controls when processing sensitive information.
- Offer concise, specific, and actionable recommendations. Provide clear and practical guidance to implement risk decisions.
- Implement appropriate vendor management controls. This includes executing appropriate contracts (with both processors and controller-to-controller advertising partners) and configuring cookie account settings to limit third-party data processing.
- Test and troubleshoot implementation periodically. Regularly check for common pitfalls.
- Document key governance procedures. Establish and document technical and business-facing “standard operating procedures,” training, cookie change request processes, privacy impact assessments, and testing processes.