Key Takeaways | Cookie Deep Dive: Maximizing Value While Minimizing Risk

Companies face significant and increasing litigation and enforcement risks when leveraging cookies to support business needs. In this webinar, Elliot Golding, Rosa Barcelo, and Jonathan Ende summarized new legal requirements and the latest litigation and enforcement trends; demonstrated how to conduct technical “cookie audits” and configure consent tools; and provided practical tips to minimize risks and avoid common pitfalls while maximizing data for advertising, analytics, and monetization.

Top takeaways included:

1. Enforcement and litigation risks are real, immediate, and significant. US and European regulators are targeting cookie practices through extensive investigations and huge fines. US litigation, arbitration, and demand letters have increased exponentially. The trend of more plaintiffs’ firms asserting additional claims and higher settlement demands is likely to increase because recent courts have denied motions to dismiss and even granted class certification. European collective actions are similarly likely to increase following this week’s decision to allow NOYB (a major privacy activist organization) to bring such claims.
2. Be proactive. Getting involved early not only helps reduce risks, but also allows legal/privacy teams to help business clients leverage data more effectively. In many cases, we can even turn legal/privacy from a cost center to a profit center by improving advertising, analytics, and monetization.
3. Consult experienced counsel now to reduce risks and identify opportunities by:
   1. Auditing current cookie practices and compliance status, including checking configuration settings and creating a categorized inventory of cookie, server-to-server, and other tracking technologies.
   2. Making key risk and compliance decisions, such as whether and how to use a cookie banner, how to address consumer rights, whether to enable geofencing, and whether to implement heightened controls when processing sensitive information.
   3. Implementing risk decisions by configuring consent tools and web/mobile integrations, updating privacy and cookie notices, etc.
   4. Implementing appropriate vendor management controls, including executing appropriate contracts and configuring cookie account settings to limit third-party data processing.
   5. Testing implementation periodically and checking for common pitfalls.
   6. Documenting key governance procedures, such as technical- and business-facing “standard operating procedures,” cookie change request processes, privacy impact assessments, and testing processes.