By Mark Sanborn
Senior Product and Regulatory Counsel
The New York State Attorney General has released important guidance on website tracking technology and privacy controls, focusing on consumer data protection and transparency. Compliance with these guidelines by dealers operating in New York or with New York customers is essential to mitigate potential legal risks under state and federal unfair and deceptive acts and practices (UDAP) laws. The Attorney General also published a companion guide to educate consumers about online tracking practices.
These guidelines are consistent with ComplyAuto’s recommendations for the past several years. It is possible that other state Attorneys General will take similar positions as New York has, particularly since this guidance is offered under the AG’s general UDAP authority (as New York currently does not have a consumer data privacy law). Accordingly, dealers in other states will want to take notice of these guidelines as well.
Key Guidelines and Required Actions:
- Verify Proper Technology Implementation:
- Ensure all privacy and consent management tools are functioning correctly.
- Confirm statements to website visitors about tracking are accurate and not misleading.
- Review cookie categorization, tool configuration, and tracking practices.
- Use Clear and Accessible Language:
- Employ plain language in privacy disclosures.
- Avoid implying user opt-in if tracking begins immediately upon site access.
- Implement User-Friendly Interfaces:
- Make privacy controls easily accessible, including for keyboard navigation.
- Avoid confusing interfaces and ambiguous buttons.
- Provide Fair Choices:
- Present tracking acceptance/decline options with equal prominence.
- Allow single-click declining if accepting requires only one click.
- Use consistent size, color, and emphasis for Accept and Decline buttons.
- Avoid misleading elements in cookie banners.
- Avoid Prohibited Practices:
- Do not require additional steps to decline tracking compared to accepting it.
- Avoid misleading button labels that obscure user choices.
Required Action:
Review and update your website privacy controls to align with these recommendations. This includes revising cookie consent banners, updating privacy policies, and ensuring all interfaces are user-friendly and transparent.
ComplyAuto Users Are In Good Hands:
We have reviewed our cookie banners and consent management options and we are confident that our default recommended banners comply with the Attorney General’s guidelines when properly configured. Some New York users may see minor changes to button color in the coming weeks. Also, our CSMs will discuss these guidelines with dealers during our periodic review meetings.
We strongly advise all dealers to prioritize their online tracking and consent management practices in light of the Attorney General’s focus on this area.
For any questions or assistance in implementing these guidelines, please contact ComplyAuto support.