How to ensure compliance to CCPA (California) and cookie consent (EU)

Thanks Brant.

The only part I am not clear on is the user cookie consent form and opt out for non-essential cookies which is the requirement of the EU/ GDPR.

While Atlassian link provided announces compliance to GDPR, the GDPR requirement states that the customers on the portal be presented with a cookie consent and ability to opt out of any non-essential cookie (and the jira service managment portal from atlassian has 2 essential and 2 non-essential cookie) however there is no cookie consent form presented to customers to which our portal directs to for Jira service management (https://datagumbo.atlassian.net/servicedesk/customer/portals)

Therefore I am unsure if this atlassian portal is GDPR compliant and even if I were to try and notify those cookies as 3rd party via our companies portal I would still not be able to restrict non-essential cookies for another parties domain (atlassian domain in this case) should customer choose to opt out and the cookies would still be injected by Atlassian domain unless Atlassian presented their own cookies consent options for anyone landing on their page or allow another customer/ third party like us to update cookie banner and consent form for a portal hosted on their domain which is very unlikely and their support did confirm its not something they can allow.

@s.ali Those are great questions and since I am only a community member I can only refer to Atlassian's documentation and what I know about the product.  I am going to escalate this and see if someone who works for Atlassian can provide you with better information.  

Thank you once again Brant, much appreciate your guidance and help with escalating with Atlassian.

- Shakir 

I am going to reach out to Atlassian again, sorry for the delay.

Sorry I missed to update Brant.

I received the following message from Atlassian legal team which I think works for me.

"

Regarding CCPA, Atlassian does not sell any information that it collects from its customers or end users - we make this commitment in our privacy policy and data processing addendum. Accordingly, there is no need for a cookies opt-out related to CCPA.

Regarding GDPR, the cookies you cite ( ajs_group_id , ajs_anonymous_id ) are related to Atlassian’s performance-related analytics. We provide notice regarding this data collection in section 7.1 of our data processing addendum. We do not believe an opt-out or ability to restrict these cookies is necessary because they don’t collect any personal data regarding the end user - instead, they contain randomly generated IDs. These IDs help us understand an end user’s experience across out products, and benchmark performance of our products.

"

Great