Things People Overlook When Setting up Cookie Compliance for Websites

OneTrust, cookie compliance, data & tracking, privacy ... these are all words that are becoming more and more relevant as more privacy laws emerge in 2022 from various countries, regions, and states.

Unfortunately, the public documentation on this could be better, as I've learned over the last few months implementing banners that properly block cookies for brands.

I want to concisely address some of the things that people fail to consider / set up when creating this. None of this is legal advice.

-Don't forget about cookies that AREN'T pushed through your Google Tag Manager. Are those getting blocked? That includes setting up privacy mode for any YouTube video embeds or creating a block for the youtube cookie.

-If you use OneTrust, know all the nuances behind it. They don't mention in the documentation that you need to hit the publish button and reinsert the updated code when you turn on autoblocking or configure it to ask for consent again.

-There are usually more laws than just GDPR and CCPA when you have an international business, potentially a lot more. Make sure you align with the legal team to figure out what stuff you fall into. Again, seek legal professional counsel here. Brazil, India, China, and other USA states, for starters, have emerging laws.

-It's often a battle between marketing and legal to identify how aggressive they can be while maintaining data. Often, it's better to opt to be cautious. For example, you may implement a more cautious approach to an entire country like the USA even though only a few states have laws just to be safe since there are new emerging laws, complexities, and varying levels of effort for implementation of various geotargeting rules. Marketing isn't always going to be happy with a 70 to 85% change in the traffic they can see, but that can happen and is something they have to accept.