Success Story
Learn how a global insurance and investment provider automated cookie discovery, categorization, and compliance workflows using UiPath, reducing a two-month process to days while achieving continuous privacy compliance.
For organizations in regulated industries that handle sensitive customer information, privacy compliance is not optional. Every cookie deployed across a company's digital properties must be identified, categorized, disclosed, and, where required, governed by user consent regulations. As websites, applications, and marketing technologies evolve, maintaining visibility into this growing ecosystem becomes increasingly complex.
Our client, a global insurance and investment provider with an extensive digital footprint, relied on a manual quarterly process to discover and classify cookies across its websites. Compliance teams spent weeks reviewing scan results, categorizing cookies, updating their cookie management platform, escalating unknown cookies for the privacy team to review, republishing consent scripts, and communicating updates to stakeholders. The end-to-end process could take up to two months to complete.
This lengthy cycle created a significant challenge. Every day between the introduction of a new cookie and its remediation represented potential compliance exposure. As the organization's digital presence continued to expand, so did the volume of cookies requiring oversight, increasing both operational burden and regulatory risk. The client needed a faster, more scalable approach to cookie governance that could keep pace with the growth of their digital ecosystem while reducing compliance risk.
In partnership with UiPath, Ashling built a cookie management and reporting solution that compresses the two-month cycle into days and enables continuous compliance. The automation handles roughly 90% of the upfront work, allowing the team to manually republish web scripts to the affected domains once categorizations are finalized.
Rather than batch processing once a quarter, the solution scans websites on demand, tracks changes, categorizes cookies, and prepares scripts so they are republish-ready for deployment. It runs on the UiPath platform and combines three coordinated components, orchestrated end to end through UiPath Maestro:
- Robots handle the repetitive, rules-based work: initiating scans, retrieving results, and applying updates.
- Agents apply AI-driven decision-making to categorize unknown cookies, using contextual grounding and the firm's business rules.
- Humans, through UiPath Action Center, review, edit, and approve the agent's categorization recommendations.
The automation triggers a set of website scans inside the firm's cookie management platform, pulling from a list of public domains the compliance team needs to review. Once the scan is complete, it retrieves the full results for each domain, including every applied cookie and its categorization, then sorts the cookies into three statuses: added, removed, and unknown. Each category follows its own handling logic. Added and removed cookies are updated in their cookie management platform and the internal inventory database.
Unknown cookies route to a UiPath Agent, where it is evaluated against contextual data and business-defined guidelines, then produces a categorization recommendation. A task is created in UiPath Action Center, where the reviewer sees the recommended categorization, the rationale behind it, and the cookie details. They can accept the recommendation or override it with their own notes.
This is a critical point: every automated result passes through human review before anything is finalized. The privacy team retains full oversight and governance over the Agent — nothing is applied without their approval. That human-in-the-loop ownership ensures accuracy, accountability, and a clear audit trail at every step.
Once review and approval are submitted, the automation applies every update to the internal inventory database and back into the cookie management platform. With categorizations finalized, scripts are then republish-ready.
What previously required two months of manual effort and coordination across multiple teams, is now executed in days with minimal human intervention.
By shifting from batch processing to continuous, demand-driven scanning, the organization achieves real-time compliance status across its entire digital property portfolio.
Robots handle structured, repeatable work. Agents bring intelligence to decisions that need contextual judgment. UiPath Action Center keeps people in control, ensuring that every output is reviewed, validated, and governed before it is finalized. Orchestrated together in UiPath Maestro, these components transform the entire business process from end to end.
