Website Breaking The Cookie Regulations
The regulations regarding Cookies is not something new, but until the RGPD (General Data Protection Regulation), it had not been defined so clearly and explicitly. Until that moment there were certain practices that were at least doubtful.
Table of Contents
Consent In The Cookie Regulations
The first and foremost thing is to define what consent is and what it is not. Article 4 (11) of the RGPD defines it as: “any manifestation of free, specific, informed and unequivocal will by which the interested party accepts, either by means of a declaration or a clear affirmative action, the processing of personal data that concerns him” .
The fact is that there are cases in which web pages or Apps do not use valid forms of consent, either because there is no real choice, because you are forced to consent or because you suffer negative consequences if you do not. This is the case of those pages that require certain permissions on the mobile to download an application that does not really need them for its use (I would not be well informed). Also, the acceptance in exchange for accessing content, through the so-called cookie wall, which prevents viewing the content if it is not accepted (it would not be free).
Finally, scrolling (scrolling down the page) or simply continuing to browse are not forms of consent (because they are not a clear affirmative action).
To combat these bad practices, the Guide defines very well what Transparency is and also how consent should be Obtained
Information Transparency
The web must inform, respect to Cookies, either directly in its Privacy Policy (which must be linked from the cookie notice):
- What they are and what they are for.
- The types of cookies there are.
- Who will use them and for what.
- The way to accept, deny or revoke consent.
- If they are going to be transferred to third parties.
- If profiles are to be obtained in an automated way.
- The period of conservation of the data.
The information must be concise, transparent and intelligible. Therefore, it must be understandable to the average member of the target audience. The information must also be easily accessible, through a prominent link, the information must be present in the logical place where it is searched and permanently.
According to the philosophy of the double layer, the first must include the essentials (the person responsible for the website, the purpose of the cookies, if they are transmitted to third parties, what data is collected, how to accept, configure or reject) and a link to the second layer, which can be the complete privacy policy. Finally, the guide emphasizes that cookies of different nature must be differentiated, but they should not be differentiated one by one, since the acceptance or rejection process would be confusing for the user.
Obtaining Consent
As we have already said, consent is a clear affirmative action. Therefore, the consent information must appear separate from other matters and the user must be able to refuse to give it, or revoke it later. Withdrawal of consent must be easy to do. It must also be clear to whom or to whom consent is given (if there are third parties in addition to the editor of the website).
There are different forms of consent and all are valid, if it is informed in a clear and transparent way of how to give it:
- When registering for a service.
- When configuring the web page or application.
- Through consent management platforms.
- Before downloading a service or application.
- Through the layered information format.
- Through the browser settings.
Regarding cookies, as we have already said, the tacit consent (the text indicates “If you continue browsing you accept these conditions”) or the cookie walls (browsing is prevented if consent is not given) are not valid. The cookie walls would only be valid if an alternative is given to access the content that implies the user’s freedom to do so (even if it is prior payment, because the content is under subscription).
Update Of Consent And Third Party Policy
If the consent of cookies is given to third parties, the user must refer to the privacy policy of said third parties and clearly inform themselves of how to accept or reject their cookies.
Finally, the guide informs that if there are changes in the use of Cookies by the website, it must be reported so that the user gives a new consent. And it proposes, in case there are no changes , that the web store the consent given 24 months, before requesting an update.
A simple glance at the websites of the companies reveals that many still opt for tacit consent, or use tactics to obtain consent in a way that is not free for the user (for example, in exchange for being able to see the contents). It is essential to update the websites before the end of the transitional period (10/31/2020) because this could be the last notice from the regulatory entities.
Also Read : Best Apps To Edit Photos