New York Attorney General Releases Guidelines for Website Privacy Controls

The New York Attorney General's Office recently issued a Guide for Website Privacy Controls in mid-July. Although New York lacks a specific consumer data privacy law, the office asserts that existing consumer protection laws require truthful and non-misleading representations about consumer privacy. This guide is designed to correct common mistakes businesses make when using tracking technologies on their websites.

New York Attorney General Releases Guidelines for Website Privacy Controls

Background

The Attorney General's Office conducted a detailed analysis of cookie activity on various websites. Following the investigation, 13 websites were notified of issues with cookie tracking activity. All identified issues were subsequently resolved.

Key Mistakes Identified

The guidance outlines six common errors companies make when deploying tags and tracking technologies:

1. Uncategorized or Miscategorized Tags and Cookies:

   Improper configuration of consent management tools, such as those provided by UniConsent, can result in marketing cookies not being deactivated as expected.

2. Misconfigured Consent-Management and Tag-Management Tools:

   Inconsistencies between these tools prevent cookies from being deactivated when a user opts out.

3. Use of Hardcoded Tags:

   The use of hardcoded tags does not respond to consent management tools.

4. Misunderstanding Services like Meta’s Limited Data Use:

   Companies often misunderstand how these services work in states without comprehensive data privacy laws.

5. Incomplete Understanding of Tag Data Collection:

   Businesses lack a full understanding of how tags collect and use data.

6. Cookieless Tracking Technologies:

   The use of cookieless tracking technologies passes data to advertising companies without consent to the control of management tools.

Key Issues to Address

To comply with New York's consumer protection laws, the guidance highlights three main issues:

1. Accuracy of Privacy Control Statements:

   Ensure the privacy controls stated in cookie pop-ups and privacy statements are accurate.

2. Avoid Misleading Language:

   If the cookie is already in use at the time of the user's visit, do not give the impression that the user's consent is required before deployment.

3. Non-Misleading User Interface:

   Ensure that cookie-management tools don't use confusing interfaces (i.e., dark patterns).

Recommendations

The guidance provides several "dos" and "don'ts" for privacy-related disclosures and controls:

• Dos:

  Provide separate "Accept" and "Decline" buttons of the same size, color, and emphasis.

• Don’ts:

  Avoid using unclear buttons, such as an "X" that users may interpret as rejecting cookies.

Key Takeaways

Guidance from the New York Attorney General adds to the growing complexity of effectively deploying consent management tools and cookie pop-ups. Businesses must also consider state consumer data privacy laws, litigation risks (e.g., California Invasion of Privacy Act lawsuits), and international requirements. New York State’s lack of state-specific data privacy laws, combined with this guidance, makes compliance even more complex.

UniConsent Integration

To meet requirements in this guideline, UniConsent provides a robust set of compliance configurations, including:

• California Consumer Privacy Act (CCPA)
• Colorado Privacy Act (CPA)
• Connecticut Data Privacy Act (CTDPA)
• Utah Consumer Privacy Act (UCPA)
• Virginia Consumer Data Protection Act (VCDPA)
• IAB EU TCF v2
• IAB CA TCF
• Global Privacy Control (GPC)

UniConsent's technical support ensures seamless configuration and deployment of consent management tools, helping enterprises avoid common pitfalls and ensure compliance with various privacy regulations.

By leveraging UniConsent's solutions, businesses can ensure that their tracking technology and privacy controls are configured correctly, transparently, and user-friendly to meet the expectations set by the New York Attorney General's guidance and other applicable privacy laws.

About UniConsent

UniConsent is a part of Transfon's privacy-first User Experience Platform that serves tens of millions of users per day to provide a seamless privacy experience for both users and publishers in the age of post GDPR. Contact us to know more: hello@uniconsent.com