Cookie compliance can be really hard to stay on top of everything. In todays example we’re going to showcase world renowned law firm DLA Piper and how even they are out of compliance with their cookie disclosure showcasing outdated, incorrect, and only a small sample of the actual cookies and tracking technologies that they are running on their website. This problem is not unique to DLA Piper as even Honda Motors was recently fined $632,500 by the California Privacy Protection Authority (CPPA) over misconfigured consent banners and other violations around CCPA/CPRA legal requirements.
The reason that this happens is that privacy compliance is complex, always evolving, and difficult to stay on top of unless you’re using a solution that keeps compliance requirements up to date and as new technologies and plugins are added to a website having to manually upload the changes is often not done.
Below we showcase what a quick Google Chrome inspection showcases this initial list of default cookies turned on for the homepage of DLAPiper.com and a more detailed scan using the Captain Compliance Cookie Scanner that showcases 51 cookies present throughout the DLAPiper.com website. Some of these are common like Facebook and Google Analytics cookies:
Here is the Scan Report of 3rd Party Targeting Cookies Courtesy of Captain Compliance
Example of scanner report with description courtesy of Captain Compliance:
On the Cookie Policy disclosure on the DLA Piper website found here the website discloses some of the technologies used but leaves out a lot of descriptions and usage of the tracking technologies on the site. Again this is not only a DLA Piper issue but the point we want to make is that keeping up with cookie compliance is really tough even for one of the worlds most renowned and respected law firms. So if DLA Piper is struggling to do it and so is Honda that means almost every other business not using Captain Compliance’s software is most likely not keeping pace as well.
If you notice the image below from the cookie list is different than the actual current (as of this post) targeting cookie samples pictured above. One thing the consent banner does do well is that it has the list of the different vendors but it is not properly documented in the cookie policy and is outdated with incorrect information.
