Why is cookie compliance important for my website?
Adding the PieEye app to your website is an important step in the creation of your site, as data privacy and cookie compliance are both protection and peace of mind.
First and foremost, the PieEye app protects the personal information of your users and visitors. When a website is GDPR compliant, it means that it has taken steps to ensure that the personal data of its users is collected, stored, and used in a way that is in line with the General Data Protection Regulation. This regulation is a large set of rules that were put in place by the European Union (EU) to give individuals more control over their personal data and to help protect their privacy.
In addition to protecting the personal data of users, GDPR cookie compliance and data privacy are also important for building trust and credibility with users. When a website is transparent about how it collects and uses personal data, users are more likely to trust it and feel comfortable sharing their information. This can help to foster a positive relationship between the website and its users, which can ultimately lead to increased engagement and conversions.
Also, GDPR cookie compliance and data privacy are important for websites from a legal standpoint. If a website is found to be in violation of GDPR regulations, it could face significant fines and other penalties. This could have a negative impact on the website's reputation and bottom line. By taking the necessary steps to become GDPR compliant and prioritize data privacy, a website can avoid these potential legal issues and protect itself from any potential liabilities.
Overall, GDPR cookie compliance and data privacy are essential for any website. They help protect the personal information of users, build trust and credibility with users, and safeguard the website from potential legal issues. By taking the necessary steps to become GDPR compliant and prioritize data privacy, a website can ensure that it is operating in a responsible and ethical manner.
For more detailed information about PieEye, as well as different assets and collateral, see the resource center.
Plans and Features
How do I know if the CPRA covers me?
The CPRA applies to companies that make more than 50% of annual revenue from selling or sharing personal information. It also can apply based on size; any company doing business in California that did more than $25 million in revenue the preceding year is covered. It can also apply based on scope; if you sell or share the personal information of more than 100,000 consumers or households in California. The CPRA created:
New rules around targeted advertising.
New requirements between a company and its contractors.
New data minimization and retention schedules.
Does CPRA shift the landscape from CCPA?
Yes, the legal landscape on Data Privacy is evolving, and will continue to evolve. The CPRA is a big piece of that. CPRA will have additional regulations (on top of the current CPPA). There is a new privacy office that has been established under the CPRA. The changes involve much more than amending your privacy policies and adding a “do not sell”. The CPRA will require companies to have a very good handle on what personal information they collect, what they do with it, where they store it, and with whom they share it. This is a shift for companies that have not been subject to the GDPR or have not devoted significant resources to the GDPR or compliance. It takes a lot of cross- team support within organizations to really be in compliance.
What are the most significant changes to the CCPA under the CPRA?
The exemption for employee and business-to-business data goes away. Under the CCPA, businesses only have to give notice at the point of data collection. Now, employees have access rights to their data. They may ask to see the data that’s been collected and request deletion or correction. The same goes for B2B communications. An individual has rights to the data collected about them if it occurred as part of a B2B relationship. There’s a potential to need a lot of resources for that because employees tend to be interested in what their employer is saying about them. Under the GDPR in Europe, claims with respect to access to employee data has been an area where there’s been a lot of litigation. Complaints can lead to significant enforcement actions, so this is really an area to pay attention to.
Access and Deletion Rights
Under CPRA, there’s a new right for correction and a right to restrict the use of sensitive data. There’s also an opt-out for data sharing, and there’s no longer a 30- day “cure” period for companies to remedy breaches or slip ups before a regulator considers enforcement action. Companies need to be a lot more thoughtful and potentially risk-averse at the outset when they’re developing their compliance practices.
If I'm a small company and I comply with CCPA, am I pretty close to CPRA?
You are probably in a good spot. However, it is a dynamic environment where new potential regulations and rules are coming into play, and that's going to be harder to comply. For legal questions, always consult a professional.
What should small companies do?
Small companies really need to determine whether the CPRA applies. But even if they are not covered under the CPRA, they will get consumer requests, and it would be best to respond to them. The change in the law’s threshold from 50,000 consumers to 100,000 consumers is likely to mean that more small businesses and small companies are likely to be outside the scope of the CPRA. However, the consumers in a small businesses database probably will be expected to be treated as though their CPRA rights are being respected. It really comes down to understanding your data flows and data inventories. Most companies, whether large or small, do not know where all their PII data is being kept. It’s a must to identify and review third parties that are processing personal data on the company’s behalf and then review the public-facing representations and policies.
The CPRA created a new privacy enforcement agency, the California Privacy Protection Agency. It can bring the same fines the state attorney general can but on an administrative basis. So you have a lot more liability in dollar figures because of the possibility for that administrative fine. The CPPA and the California Attorney General will work together, with the California Attorney General pursuing civil penalties within the courts in potentially much larger actions.
To learn more about PieEye, visit the PieEye website.