Do you honor your users’ choices?

Privacy compliance relies on user consent and how your website or app uses first-party cookies and third-party requests to collect and share data. Our scanner evaluates the privacy compliance level of your website or app and checks whether it meets the requirements of privacy laws such as GDPR, ePR, CCPA, and more.

Once you have identified which cookies and requests are being used by your website or app for data collection, you can begin to ask your users for consent. A consent management platform for websites (Usercentrics Web CMP) or apps (Usercentrics App CMP) manages the gathering and storing of consents to help you achieve privacy compliance.

The data privacy scan can identify your website or app as a low risk level. A low risk level means that our scanner found that your website or app sets first-party cookies without explicitly asking users for consent, which can violate some data privacy laws. No third-party cookies or third-party requests were found.

A medium risk level means that the data privacy scan found that your website or app is definitely not privacy compliant. Your website or app sets an above average number of either first-party cookies or third-party cookies and/or third-party requests, without explicitly asking users for consent. You may be at risk of noncompliance penalties.

A high risk level means that the data privacy scan found that your website or app has substantial privacy compliance failures. Your website or app sets a large number of third-party cookies and third-party requests without explicitly asking users for consent. You may be at risk of noncompliance penalties.

Cookies are small files set in web browsers that enable user identification tracking, personalized marketing, and other functions. Some types of cookies share user data with third parties. Website operators and app publishers should know which cookies they use and what data they collect. Valid consent can’t be requested from users without accurately communicating about cookie usage.

First-party cookies are set by websites or apps while the user is active. They enable you to collect customer activity and analytics data, remember language and other preference settings, and carry out other useful user experience functions.

The riskiest type of cookies for privacy compliance, these are usually set for tracking and retargeting marketing campaigns. They are set by third-party servers, such as ad servers on websites and in apps, and user data is then shared.

Third-party requests are files that are loaded from a website other than the one that the user is currently visiting. They usually are from vendors whose technology is implemented on the website or within the app where the user is active, or who use that website or app for advertising and tracking purposes.

Privacy compliance refers to collecting, storing, processing, and using customer data in a way that aligns with the requirements of relevant data privacy and protection laws and your internal policies. If an organization collects and uses personal data from people in regions where there are data privacy laws like the GDPR, LGPD, POPIA, CCPA, etc., typically the organization must comply with those laws, even if the organization is located elsewhere.

We can’t provide specific legal advice, but there are some best practices. Appoint representatives for data privacy and protection initiatives. Know what data you collect and how it’s managed. Have a provable legal basis for data processing. Set up data processing agreements with third parties. Provide clear information to enable users’ consent choices. Download our GDPR Compliance Checklist for more information.