IAPP Privacy. Security. Risk. 2025

SAN DIEGO

28-31 October

Back to conference agenda

Cookie Deep Dive: Maximizing Value While Minimizing Risk

Thursday, 30 Oct.

11:00 - 12:00 EDT

Intermediate level

BREAKOUT SESSIONPRIVACYENFORCEMENT
Download the presentation slides

David Cox, CIPP/US, CIPM, Assistant General Counsel, Privacy, Data Governance, and E-Discovery, Volkswagen Group of America
Elliot Golding, CIPP/US, Partner, McDermott Will & Schulte
Amber Mednick, CIPP/E, CIPP/US, CIPM, FIP, Managing Corporate Counsel, Privacy, T-Mobile
Mark Sauchelli, CIPP/US, Senior Vice President, Senior Associate General Counsel, Marketing, U.S. Bank

Cookies and other tracking technologies present significant opportunities (e.g., better advertising, data monetization, and insights) yet include substantial risks, such as wiretapping litigation and regulatory enforcement. Join this session for a technical demonstration of how cookies work, including how to conduct “cookie audits” (the same used by plaintiffs’ attorneys and regulators) and how to implement effective governance strategies, such as properly configuring cookie consent tools. Attendees will hear the latest litigation and enforcement trends and practical steps to reduce risks while maximizing data to support business needs. Speakers will also offer tips for turning legal/privacy teams from cost centers to profit centers by maximizing data for advertising, analytics, and monetization.

What you will learn:
  • How to conduct a technical cookie audit to evaluate whether digital properties use cookies/trackers at all, whether cookie tools are working, and to understand the risks/deficiencies.
  • How to get more involved early to reduce risks and help business clients leverage data more effectively. We will also demonstrate how to turn legal/privacy from a cost center to a profit center by improving advertising, analytics, and monetization.
  • Key risks and opportunities, focused on implementing and operationalizing these steps — for example, making key risk and compliance decisions, such as whether and how to use a cookie banner, how to address consumer rights, whether to enable geofencing, and whether to implement heightened controls when processing sensitive information and implementing risk decisions by configuring consent.