Companies face significant and increasing litigation and enforcement risks when leveraging cookies to support business needs. In this webinar co-hosted with ACC Northeast, Elliot Golding and Raja Chatterjee offered a technical deep dive and practical tips to monetize data while managing online risks related to cookies, accessibility, and intellectual property issues.

Top takeaways included:

1. Enforcement and litigation risks are real, immediate, and significant. US litigation, arbitration, and demand letters have increased exponentially. Dozens of plaintiffs’ attorneys are asserting hundreds of claims each month, with the number of claims and settlement demands continuing to rise. Most courts have denied motions to dismiss and even granted class certification. State regulators and the Federal Trade Commission have also significantly increased enforcement regarding cookie usage and related data subject rights, which have resulted in significant monetary settlements and extensive corrective action plans (see our summaries of prior enforcement actions here and here).
2. Be proactive. Getting involved early not only helps reduce risks but also allows legal and privacy teams to help business clients leverage data more effectively. In many cases, we can transform legal and privacy from a cost center to a profit center by enhancing advertising, analytics, and monetization.
3. Consult experienced counsel now to reduce risks and identify opportunities. McDermott Will & Schulte leverages an extensive library of policies, guidance, and other materials with step-by-step instructions to help companies:
   1. Audit current cookie practices and compliance status. This includes checking cookie management tools and website configuration settings as well as creating a categorized inventory of cookie, server-to-server, and other tracking technologies.
   2. Collect and translate often inconsistent information. Gather and clarify the inconsistent information provided by internal stakeholders (marketing, IT, etc.) and external parties (such as marketing agencies and cookie providers).
   3. Provide practical advice and benchmarking. Help business stakeholders make key risk and compliance decisions, such as whether and how to use a cookie banner, how to address consumer rights, whether to enable geofencing, and whether to implement heightened controls when processing sensitive information.
   4. Implement appropriate vendor management controls. This includes executing appropriate contracts and configuring cookie account settings to limit third-party data processing.
   5. Test and troubleshoot implementation periodically. Regularly check for common pitfalls. We suggest monthly or quarterly auditing.
   6. Document key governance procedures. Establish and document technical and business-facing “standard operating procedures,” training, cookie change request processes, privacy impact assessments, and testing processes.  Please reach out to the speakers if you’re interested in these and other materials from McDermott Will & Schulte’s template library.