I have a data portal which i can setup CCPA and GDPR cookie consent requirements on but have a feature which allows our customers and employees to be redirected to jira portal for service management where i cannot add cookie banner or opt out option for "third party data sharing" for California CCPA compliance, and trying to understand if & how others may be handling this situation.
Haven't had much luck with Atlassian support yet.
The only part I am not clear on is the user cookie consent form and opt out for non-essential cookies which is the requirement of the EU/ GDPR.
While Atlassian link provided announces compliance to GDPR, the GDPR requirement states that the customers on the portal be presented with a cookie consent and ability to opt out of any non-essential cookie (and the jira service managment portal from atlassian has 2 essential and 2 non-essential cookie) however there is no cookie consent form presented to customers to which our portal directs to for Jira service management (https://datagumbo.atlassian.net/servicedesk/customer/portals)
Therefore I am unsure if this atlassian portal is GDPR compliant and even if I were to try and notify those cookies as 3rd party via our companies portal I would still not be able to restrict non-essential cookies for another parties domain (atlassian domain in this case) should customer choose to opt out and the cookies would still be injected by Atlassian domain unless Atlassian presented their own cookies consent options for anyone landing on their page or allow another customer/ third party like us to update cookie banner and consent form for a portal hosted on their domain which is very unlikely and their support did confirm its not something they can allow.
@s.ali Those are great questions and since I am only a community member I can only refer to Atlassian's documentation and what I know about the product. I am going to escalate this and see if someone who works for Atlassian can provide you with better information.
Sorry I missed to update Brant.
I received the following message from Atlassian legal team which I think works for me.
Regarding GDPR, the cookies you cite ( ajs_group_id , ajs_anonymous_id ) are related to Atlassian’s performance-related analytics. We provide notice regarding this data collection in section 7.1 of our data processing addendum. We do not believe an opt-out or ability to restrict these cookies is necessary because they don’t collect any personal data regarding the end user - instead, they contain randomly generated IDs. These IDs help us understand an end user’s experience across out products, and benchmark performance of our products.
On October 20, 2021, Atlassian published a security advisory for Jira Service Management. The full advisory is available at this link. We've seen a number of questions already asking for...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events