For dealerships that want to avoid becoming the FTC’s next example, they must begin obtaining proper consent for the use and sharing of cookies that collect and track a prospective finance or lease customer’s online information and browsing history (and for those of you wondering, yes, the federal Gramm-Leach Bliley Act defines non-public personal information as including cookies and similar technologies). To state the obvious, this is an action based on federal law, so dealerships in all states (even those without comprehensive privacy laws) must prioritize protecting user data by updating their privacy policies with comprehensive disclosures, a cookie use policy, and a compliant cookie consent banner.
For example, a well-designed cookie banner is a crucial tool for dealerships to obtain users’ informed consent for the use of online tracking in connection with retargeted advertising. However, poorly designed cookie banners can do more harm than good if they are implemented to confuse or trick consumers into consenting to online tracking (often referred to by regulators as “dark patterns”). Unfortunately, many vendors offer cookie banners that don’t actually work and may inadvertently allow cookies and other tracking technologies to deploy before the user has a chance to consent.
In short, online privacy disclosures and cookie consent management should be a top priority for any risk-averse auto dealership. Updating privacy policies with comprehensive disclosures and implementing a compliant cookie consent banner can help defeat claims similar to those brought against GoodRx and protect the dealership from other novel privacy allegations like we have seen with the recent uptick of state and federal wiretapping lawsuits stemming from online tracking activities.