Keeping up with current data privacy laws and regulations can be time consuming and expensive. While this content is not legal advice and never meant to take the place of consulting with your own legal counsel, we appreciate that the topics can be challenging to navigate, especially as they relate to changing technologies. This page provides helpful tips, links, and insights related to current industry practices. We recommend each brand create their own best practices and guidelines that fit and follow current privacy legislation. Any fullthrottle.ai technology on an Advertiser’s website should include privacy policies deployed and articulated by the Advertiser.
fullthrottle.ai employs both internal and external best practices and guidelines for data privacy within our company. You can read more about our processes and our SOC2 compliance. We partner with OneTrust for our consent management platform (CMP) to mitigate privacy risks.
Identified below are commonly accepted Privacy Principles you may want to consider as you communicate your Privacy Program.
- Clearly identify the information you collect
- Ensure the User consent agreement aligns with the information you collect
- Clearly state the purpose for collecting information
- Identify the length of time you retain information
- Collect only information that aligns with the consent agreement
- Handle the information in ways people would reasonably expect and not use it in ways that have unjustified effects
- Ensure information is disposed of appropriately when no longer needed to support the reason it was collected
- Review your consent agreement periodically to ensure it remains aligned with your business needs as technology changes
- Ensure consumers have the ability to change their consent preference, including the ability to opt out
Companies that prioritize transparency, user control, and data protection are more likely to be recognized for their best privacy practices surrounding first and third-party data.
Obtain consent before activating cookies: Organizations should obtain users' consent before setting cookies. This consent should be explicit and given freely, and users should be provided with an option to opt out of non-essential cookies.
Provide options for cookie settings: Organizations should provide users with options to manage their cookie settings, such as the ability to opt out of non-essential cookies or to delete cookies.
Limit the lifespan of cookies: Organizations should limit the lifespan of cookies to the shortest amount of time necessary to achieve their purpose. This helps to minimize the amount of data that is collected and stored.
Keep cookies secure: Organizations should take steps to keep cookies secure, such as encrypting cookies to prevent unauthorized access or tampering.
Regularly review and update cookie policies: Organizations should regularly review and update their cookie policies to ensure they are up-to-date and accurate.
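The cookie practices above (consent before setting, limited lifespan, protected values) can be enforced in one server-side helper. The following Node.js sketch is an added example, not fullthrottle.ai or OneTrust code; the cookie names, consent categories, lifetimes and function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed policy (assumed names and values): consent category and lifetime cap per cookie.
const COOKIE_POLICY = {
  session_id: { category: 'essential', maxAgeSeconds: 3600 },
  ad_prefs: { category: 'advertising', maxAgeSeconds: 30 * 24 * 3600 },
};

// Encrypt and authenticate a cookie value with AES-256-GCM (key must be 32 bytes).
function seal(value, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the plaintext, or null if the value was modified or the key is wrong.
function unseal(sealed, key) {
  try {
    const raw = Buffer.from(sealed, 'base64url');
    if (raw.length < 28) return null; // 12-byte IV + 16-byte tag at minimum
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString('utf8');
  } catch {
    return null;
  }
}

// Returns a Set-Cookie header value, or null when the cookie must not be set.
function buildSetCookie(name, value, consent, key, requestedMaxAge) {
  const policy = COOKIE_POLICY[name];
  if (!policy) return null; // cookies missing from the policy are never set
  // Non-essential cookies require an explicit opt-in for their category.
  const allowed = policy.category === 'essential' || consent[policy.category] === true;
  if (!allowed) return null;
  // Lifetime never exceeds the policy cap, whatever the caller asks for.
  const wanted = requestedMaxAge ?? policy.maxAgeSeconds;
  const maxAge = Math.max(0, Math.min(wanted, policy.maxAgeSeconds));
  const attrs = `Max-Age=${maxAge}; Path=/; Secure; HttpOnly; SameSite=Lax`;
  return `${name}=${seal(value, key)}; ${attrs}`;
}
```

Calling `buildSetCookie` with an empty consent object returns a header for `session_id` but `null` for `ad_prefs`, and a sealed value that has been altered in transit fails `unseal` instead of being trusted.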
Resources and Examples of Consent Management Platforms
A CMP provides a way for website owners to obtain and manage user consent for data processing activities that require it, as required by various data protection regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Rights Act (CPRA).
A CMP typically includes a user interface that allows website visitors to review and control their preferences for data processing activities. It may also include features such as cookie scanning and monitoring, consent logging, and reporting to help organizations demonstrate compliance with applicable regulations.
Overall, a CMP is an important tool for organizations to help ensure that they obtain and manage user consent in a compliant and transparent manner, while also providing users with greater control over their personal data.
OneTrust: OneTrust connects data, teams, and processes for seamless collaboration. Their platform is customizable to fit your needs and offers a variety of trust solutions that include: privacy, Governance, Risk, and Compliance (GRC), ethics, and Environmental, Social, and Governance (ESG). OneTrust’s platform proactively mitigates risk and bridges gaps between teams and workflows. OneTrust offers solutions based on regulations and trust domains here.
Resources for Privacy Best Practices
International Association of Privacy Professionals (IAPP) - The IAPP is a key resource for privacy-related information and tracks changes in state-level privacy legislation.
General Data Protection Regulation (GDPR) - The GDPR is an EU regulation that governs data protection and privacy. Their website provides information on data subject rights, including the right to opt-in and opt-out of data processing.
California Consumer Privacy Rights Act (CPRA) - The CPRA is a US law that provides California residents with certain data privacy rights, including the right to opt-in and opt-out of data sharing. Their website provides guidance on how to comply with the CPRA and best practices for opt-in and opt-out.
Interactive Advertising Bureau (IAB): IAB empowers the media and marketing industries to thrive in the digital economy. They have committees and councils who drive the industry forward, Centers of Excellence who develop guidelines and best practices, and a Tech Lab that produces technical standards and protocols.
Information Commissioner's Office (ICO): The ICO is an independent authority in the UK that promotes and enforces data protection and privacy regulations. Their website provides guidance on cookies and consent, including best practices for obtaining consent and managing cookies.
European Data Protection Board (EDPB): The EDPB is an independent European Union (EU) body that provides guidance on data protection and privacy. Their website provides information on cookies and consent, including best practices for obtaining valid consent and managing cookies.