I have a data portal which i can setup CCPA and GDPR cookie consent requirements on but have a feature which allows our customers and employees to be redirected to jira portal for service management where i cannot add cookie banner or opt out option for "third party data sharing" for California CCPA compliance, and trying to understand if & how others may be handling this situation.
Haven't had much luck with Atlassian support yet.
Since Atlassian is the one hosting the data it is already covered under their privacy policy. You could always add a link in a portal announcement to https://www.atlassian.com/legal/privacy-policy#other-important-privacy-information which contains their CCPA and EU information.
Thanks Brant.
The only part I am not clear on is the user cookie consent form and opt out for non-essential cookies which is the requirement of the EU/ GDPR.
While Atlassian link provided announces compliance to GDPR, the GDPR requirement states that the customers on the portal be presented with a cookie consent and ability to opt out of any non-essential cookie (and the jira service managment portal from atlassian has 2 essential and 2 non-essential cookie) however there is no cookie consent form presented to customers to which our portal directs to for Jira service management (https://datagumbo.atlassian.net/servicedesk/customer/portals)
Therefore I am unsure if this atlassian portal is GDPR compliant and even if I were to try and notify those cookies as 3rd party via our companies portal I would still not be able to restrict non-essential cookies for another parties domain (atlassian domain in this case) should customer choose to opt out and the cookies would still be injected by Atlassian domain unless Atlassian presented their own cookies consent options for anyone landing on their page or allow another customer/ third party like us to update cookie banner and consent form for a portal hosted on their domain which is very unlikely and their support did confirm its not something they can allow.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@s.ali Those are great questions and since I am only a community member I can only refer to Atlassian's documentation and what I know about the product. I am going to escalate this and see if someone who works for Atlassian can provide you with better information.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am going to reach out to Atlassian again, sorry for the delay.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry I missed to update Brant.
I received the following message from Atlassian legal team which I think works for me.
"
Regarding CCPA, Atlassian does not sell any information that it collects from its customers or end users - we make this commitment in our privacy policy and data processing addendum. Accordingly, there is no need for a cookies opt-out related to CCPA.
Regarding GDPR, the cookies you cite ( ajs_group_id , ajs_anonymous_id ) are related to Atlassian’s performance-related analytics. We provide notice regarding this data collection in section 7.1 of our data processing addendum. We do not believe an opt-out or ability to restrict these cookies is necessary because they don’t collect any personal data regarding the end user - instead, they contain randomly generated IDs. These IDs help us understand an end user’s experience across out products, and benchmark performance of our products.
"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Great
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.