Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to ensure compliance to CCPA (California) and cookie consent (EU)

I have a data portal which i can setup CCPA and GDPR cookie consent requirements on but have a feature which allows our customers and employees to be redirected to jira portal for service management where i cannot add cookie banner or opt out option for "third party data sharing" for California CCPA compliance, and trying to understand if & how others may be handling this situation.

Haven't had much luck with Atlassian support yet.

1 answer

1 accepted

0 votes
Answer accepted
Brant Schroeder Community Leader Dec 10, 2020

Since Atlassian is the one hosting the data it is already covered under their privacy policy.  You could always add a link in a portal announcement to https://www.atlassian.com/legal/privacy-policy#other-important-privacy-information which contains their CCPA and EU information.  

Thanks Brant.

The only part I am not clear on is the user cookie consent form and opt out for non-essential cookies which is the requirement of the EU/ GDPR.

While Atlassian link provided announces compliance to GDPR, the GDPR requirement states that the customers on the portal be presented with a cookie consent and ability to opt out of any non-essential cookie (and the jira service managment portal from atlassian has 2 essential and 2 non-essential cookie) however there is no cookie consent form presented to customers to which our portal directs to for Jira service management (https://datagumbo.atlassian.net/servicedesk/customer/portals)

Therefore I am unsure if this atlassian portal is GDPR compliant and even if I were to try and notify those cookies as 3rd party via our companies portal I would still not be able to restrict non-essential cookies for another parties domain (atlassian domain in this case) should customer choose to opt out and the cookies would still be injected by Atlassian domain unless Atlassian presented their own cookies consent options for anyone landing on their page or allow another customer/ third party like us to update cookie banner and consent form for a portal hosted on their domain which is very unlikely and their support did confirm its not something they can allow.

Brant Schroeder Community Leader Dec 18, 2020

@s_ali Those are great questions and since I am only a community member I can only refer to Atlassian's documentation and what I know about the product.  I am going to escalate this and see if someone who works for Atlassian can provide you with better information.  

Thank you once again Brant, much appreciate your guidance and help with escalating with Atlassian.

- Shakir 

Brant Schroeder Community Leader Dec 28, 2020

I am going to reach out to Atlassian again, sorry for the delay.

Sorry I missed to update Brant.

I received the following message from Atlassian legal team which I think works for me.

"

Regarding CCPA, Atlassian does not sell any information that it collects from its customers or end users - we make this commitment in our privacy policy and data processing addendum. Accordingly, there is no need for a cookies opt-out related to CCPA.

Regarding GDPR, the cookies you cite ( ajs_group_id , ajs_anonymous_id ) are related to Atlassian’s performance-related analytics. We provide notice regarding this data collection in section 7.1 of our data processing addendum. We do not believe an opt-out or ability to restrict these cookies is necessary because they don’t collect any personal data regarding the end user - instead, they contain randomly generated IDs. These IDs help us understand an end user’s experience across out products, and benchmark performance of our products.

"

Brant Schroeder Community Leader Dec 28, 2020

Great

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
TAGS
Community showcase
Published in Jira Service Management

Why upgrade to Jira Service Management Premium?

We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan.  &nb...

163 views 0 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you